StratDef: Strategic Defense Against Adversarial Attacks in ML-based Malware Detection
Aqib Rashid, Jose Such

TL;DR
StratDef is a strategic, moving target defense system that dynamically selects models to enhance robustness against adversarial attacks in ML-based malware detection, outperforming existing defenses.
Contribution
This paper introduces StratDef, a novel strategic defense framework employing a moving target approach for robust malware detection against adversarial attacks.
Findings
StratDef outperforms other defenses under peak adversarial threat.
Few adversarially-trained models outperform vanilla models, but still fall short of StratDef.
Comprehensive evaluation across various threat levels demonstrates StratDef's effectiveness.
Abstract
Over the years, most research towards defenses against adversarial attacks on machine learning models has been in the image recognition domain. The ML-based malware detection domain has received less attention despite its importance. Moreover, most work exploring these defenses has focused on several methods but with no strategy when applying them. In this paper, we introduce StratDef, which is a strategic defense system based on a moving target defense approach. We overcome challenges related to the systematic construction, selection, and strategic use of models to maximize adversarial robustness. StratDef dynamically and strategically chooses the best models to increase the uncertainty for the attacker while minimizing critical aspects in the adversarial ML domain, like attack transferability. We provide the first comprehensive evaluation of defenses against adversarial attacks on…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Anomaly Detection Techniques and Applications
