Arms Race in Adversarial Malware Detection: A Survey
Deqiang Li, Qianmu Li, Yanfang Ye, Shouhuai Xu

TL;DR
This survey analyzes the ongoing arms race between attackers and defenders in adversarial malware detection, highlighting key factors influencing attack success and defense effectiveness within a unified conceptual framework.
Contribution
It introduces a comprehensive framework for understanding adversarial malware detection, maps attacks and defenses to partial order structures, and clarifies the dynamics of the attack-defense arms race.
Findings
Knowing the defender's feature set is crucial for transfer attacks.
Attack success depends on the attacker’s freedom to manipulate in the problem space.
Adversarial training effectiveness hinges on identifying the most potent attack.
Abstract
Malicious software (malware) is a major cyber threat that has to be tackled with Machine Learning (ML) techniques because millions of new malware examples are injected into cyberspace on a daily basis. However, ML is vulnerable to attacks known as adversarial examples. In this paper, we survey and systematize the field of Adversarial Malware Detection (AMD) through the lens of a unified conceptual framework of assumptions, attacks, defenses, and security properties. This not only leads us to map attacks and defenses to partial order structures, but also allows us to clearly describe the attack-defense arms race in the AMD context. We draw a number of insights, including: knowing the defender's feature set is critical to the success of transfer attacks; the effectiveness of practical evasion attacks largely depends on the attacker's freedom in conducting manipulations in the problem…
