A New Formulation for Zeroth-Order Optimization of Adversarial EXEmples in Malware Detection
This addresses the challenge of functionality-preserving adversarial attacks for Windows malware detection, offering a more efficient and theoretically grounded approach.
The paper tackles the problem of adversarial EXEmples in malware detection by formulating it as a zeroth-order optimization framework, resulting in ZEXE, which improves evasion rates and reduces injected content size to less than one third compared to state-of-the-art methods.
Machine learning malware detectors are vulnerable to adversarial EXEmples, i.e. carefully-crafted Windows programs tailored to evade detection. Unlike other adversarial problems, attacks in this context must be functionality-preserving, a constraint which is challenging to address. As a consequence heuristic algorithms are typically used, that inject new content, either randomly-picked or harvested from legitimate programs. In this paper, we show how learning malware detectors can be cast within a zeroth-order optimization framework which allows to incorporate functionality-preserving manipulations. This permits the deployment of sound and efficient gradient-free optimization algorithms, which come with theoretical guarantees and allow for minimal hyper-parameters tuning. As a by-product, we propose and study ZEXE, a novel zero-order attack against Windows malware detection. Compared to state-of-the-art techniques, ZEXE provides drastic improvement in the evasion rate, while reducing to less than one third the size of the injected content.