Multi-view Representation Learning from Malware to Defend Against Adversarial Variants

TL;DR

This paper introduces ARMD, a multi-view learning framework that enhances deep learning malware detectors' robustness against adversarial variants by leveraging multiple views of malware files, such as source code and binary data.

Contribution

The paper proposes a novel multi-view learning approach, ARMD, to significantly improve the robustness of malware detectors against adversarial modifications.

Findings

ARMD improves adversarial robustness up to seven times.

Experiments conducted on three malware detectors across six categories.

Multi-view approach exploits untouched source code features.

Abstract

Deep learning-based adversarial malware detectors have yielded promising results in detecting never-before-seen malware executables without relying on expensive dynamic behavior analysis and sandbox. Despite their abilities, these detectors have been shown to be vulnerable to adversarial malware variants - meticulously modified, functionality-preserving versions of original malware executables generated by machine learning. Due to the nature of these adversarial modifications, these adversarial methods often use a \textit{single view} of malware executables (i.e., the binary/hexadecimal view) to generate adversarial malware variants. This provides an opportunity for the defenders (i.e., malware detectors) to detect the adversarial variants by utilizing more than one view of a malware file (e.g., source code view in addition to the binary view). The rationale behind this idea is that while the adversary focuses on the binary view, certain characteristics of the malware file in the source code view remain untouched which leads to the detection of the adversarial malware variants. To capitalize on this opportunity, we propose Adversarially Robust Multiview Malware Defense (ARMD), a novel multi-view learning framework to improve the robustness of DL-based malware detectors against adversarial variants. Our experiments on three renowned open-source deep learning-based malware detectors across six common malware categories show that ARMD is able to improve the adversarial robustness by up to seven times on these malware detectors.