Certifiably robust malware detectors by design
This addresses the vulnerability of machine learning-based malware detectors to adversarial evasion, which is critical for cybersecurity applications.
The paper tackles the problem of adversarial examples in static malware detection by proposing a new model architecture for certifiably robust detection by design, showing that robust detectors can be decomposed into a specific structure applied in the framework ERDALT, which achieves robust detection with limited reduction in performance.
Malware analysis involves analyzing suspicious software to detect malicious payloads. Static malware analysis, which does not require software execution, relies increasingly on machine learning techniques to achieve scalability. Although such techniques obtain very high detection accuracy, they can be easily evaded with adversarial examples where a few modifications of the sample can dupe the detector without modifying the behavior of the software. Unlike other domains, such as computer vision, creating an adversarial example of malware without altering its functionality requires specific transformations. We propose a new model architecture for certifiably robust malware detection by design. In addition, we show that every robust detector can be decomposed into a specific structure, which can be applied to learn empirically robust malware detectors, even on fragile features. Our framework ERDALT is based on this structure. We compare and validate these approaches with machine-learning-based malware detection methods, allowing for robust detection with limited reduction of detection performance.