Effectiveness of Moving Target Defenses for Adversarial Attacks in ML-based Malware Detection

TL;DR

This paper evaluates the effectiveness of recent moving target defenses against adversarial attacks in ML-based malware detection, revealing vulnerabilities and providing recommendations for future defense strategies.

Contribution

First comprehensive study analyzing the robustness of MTDs in malware detection against adversarial attacks, including new attack strategies and threat models.

Findings

High evasion rates via transferability and query attacks

Attackers can fingerprint defenses and extract hyperparameters

Current MTDs are vulnerable to sophisticated adversarial strategies

Abstract

Several moving target defenses (MTDs) to counter adversarial ML attacks have been proposed in recent years. MTDs claim to increase the difficulty for the attacker in conducting attacks by regularly changing certain elements of the defense, such as cycling through configurations. To examine these claims, we study for the first time the effectiveness of several recent MTDs for adversarial ML attacks applied to the malware detection domain. Under different threat models, we show that transferability and query attack strategies can achieve high levels of evasion against these defenses through existing and novel attack strategies across Android and Windows. We also show that fingerprinting and reconnaissance are possible and demonstrate how attackers may obtain critical defense hyperparameters as well as information about how predictions are produced. Based on our findings, we present key recommendations for future work on the development of effective MTDs for adversarial attacks in ML-based malware detection.