ATWM: Defense against adversarial malware based on adversarial training
Kun Li, Fan Zhang, Wei Guo

TL;DR
This paper introduces ATWM, a novel adversarial training-based defense method for malware detection models that enhances robustness against adversarial attacks without sacrificing accuracy.
Contribution
It proposes an adversarial training approach tailored for malware detection, incorporating preprocessing to improve defense against adversarial malware attacks.
Findings
Improves model robustness against three attack methods
Maintains detection accuracy while enhancing defense
Effective on two different datasets
Abstract
Deep learning technology has made great achievements in the field of images. In order to defend against malware attacks, researchers have proposed many Windows malware detection models based on deep learning. However, deep learning models are vulnerable to adversarial example attacks. Malware can generate adversarial malware with the same malicious function to attack the malware detection model and evade detection by the model. Currently, many adversarial defense studies have been proposed, but existing adversarial defense studies are based on image samples and cannot be directly applied to malware samples. Therefore, this paper proposes an adversarial malware defense method based on adversarial training. This method uses preprocessing to defend against simple adversarial examples to reduce the difficulty of adversarial training. Moreover, this method improves the adversarial defense capability of…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
