Explainability-Informed Targeted Malware Misclassification

TL;DR

This paper investigates the vulnerabilities of neural network-based malware classifiers to adversarial attacks, using explainability tools to inform targeted evasion strategies and highlighting the need for more robust detection methods.

Contribution

It introduces explainability-informed adversarial attacks on malware classifiers and provides a benchmark for future research on improving robustness against such attacks.

Findings

High evasion rates demonstrate classifier vulnerabilities.

Explainability tools can guide effective adversarial attacks.

Recommendations for developing more robust malware detection systems.

Abstract

In recent years, there has been a surge in malware attacks across critical infrastructures, requiring further research and development of appropriate response and remediation strategies in malware detection and classification. Several works have used machine learning models for malware classification into categories, and deep neural networks have shown promising results. However, these models have shown its vulnerabilities against intentionally crafted adversarial attacks, which yields misclassification of a malicious file. Our paper explores such adversarial vulnerabilities of neural network based malware classification system in the dynamic and online analysis environments. To evaluate our approach, we trained Feed Forward Neural Networks (FFNN) to classify malware categories based on features obtained from dynamic and online analysis environments. We use the state-of-the-art method, SHapley Additive exPlanations (SHAP), for the feature attribution for malware classification, to inform the adversarial attackers about the features with significant importance on classification decision. Using the explainability-informed features, we perform targeted misclassification adversarial white-box evasion attacks using the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) attacks against the trained classifier. Our results demonstrated high evasion rate for some instances of attacks, showing a clear vulnerability of a malware classifier for such attacks. We offer recommendations for a balanced approach and a benchmark for much-needed future research into evasion attacks against malware classifiers, and develop more robust and trustworthy solutions.