Effectiveness of Adversarial Examples and Defenses for Malware Classification

TL;DR

This paper investigates the vulnerability of neural network-based malware classifiers to adversarial examples and evaluates various attack and defense methods in the malware domain.

Contribution

It provides a comparative analysis of adversarial attack techniques and defense strategies specifically tailored for malware classification tasks.

Findings

Adversarial examples can significantly mislead malware classifiers.

Certain defense techniques improve robustness against attacks.

Effectiveness varies across different datasets and methods.

Abstract

Artificial neural networks have been successfully used for many different classification tasks including malware detection and distinguishing between malicious and non-malicious programs. Although artificial neural networks perform very well on these tasks, they are also vulnerable to adversarial examples. An adversarial example is a sample that has minor modifications made to it so that the neural network misclassifies it. Many techniques have been proposed, both for crafting adversarial examples and for hardening neural networks against them. Most previous work has been done in the image domain. Some of the attacks have been adopted to work in the malware domain which typically deals with binary feature vectors. In order to better understand the space of adversarial examples in malware classification, we study different approaches of crafting adversarial examples and defense techniques in the malware domain and compare their effectiveness on multiple datasets.