TL;DR
This paper investigates the robustness of ensemble deep neural networks for malware detection against sophisticated adversarial attacks, proposing new attack and defense methods and evaluating their effectiveness on Android malware datasets.
Contribution
It introduces a novel mixture of attacks approach and an enhanced adversarial training method to improve malware detector robustness against evasion attacks.
Findings
Adversarial training significantly improves robustness against diverse attacks.
Ensemble methods enhance detection when base classifiers are robust.
Ensemble attacks can still effectively evade even enhanced detectors.
Abstract
Malware remains a major threat to cyber security, motivating machine-learning-based malware detection. While promising, such detectors are known to be vulnerable to evasion attacks. Ensemble learning typically facilitates countermeasures, yet attackers can leverage the same technique to improve attack effectiveness. This motivates us to investigate what robustness an ensemble defense, or what effectiveness an ensemble attack, can achieve, particularly when the two are pitted against each other. We thus propose a new attack approach, named mixture of attacks, which equips attackers with multiple generative methods and multiple manipulation sets to perturb a malware example without ruining its malicious functionality. This naturally leads to a new instantiation of adversarial training, which is further geared to enhancing an ensemble of deep neural networks. We evaluate defenses…