ML-Based Behavioral Malware Detection Is Far From a Solved Problem

TL;DR

This study reveals a significant performance gap between laboratory ML malware detectors trained on sandbox data and real-world endpoint detection, emphasizing the need for training on endpoint data for practical effectiveness.

Contribution

First measurement study evaluating ML malware detectors on real endpoint data, highlighting challenges and proposing techniques to improve detection performance.

Findings

Performance drops from over 90% in sandbox evaluations to 20-50% in real endpoint scenarios.

Challenges include label noise, distribution shift, and spurious features.

Training on endpoint data yields better real-world detection performance.

Abstract

Malware detection is a ubiquitous application of Machine Learning (ML) in security. In behavioral malware analysis, the detector relies on features extracted from program execution traces. The research literature has focused on detectors trained with features collected from sandbox environments and evaluated on samples also analyzed in a sandbox. However, in deployment, a malware detector at endpoint hosts often must rely on traces captured from endpoint hosts, not from a sandbox. Thus, there is a gap between the literature and real-world needs. We present the first measurement study of the performance of ML-based malware detectors at real-world endpoints. Leveraging a dataset of sandbox traces and a dataset of in-the-wild program traces, we evaluate two scenarios: (i) an endpoint detector trained on sandbox traces (convenient and easy to train), and (ii) an endpoint detector trained on endpoint traces (more challenging to train, since we need to collect telemetry data). We discover a wide gap between the performance as measured using prior evaluation methods in the literature -- over 90% -- vs. expected performance in endpoint detection -- about 20% (scenario (i)) to 50% (scenario (ii)). We characterize the ML challenges that arise in this domain and contribute to this gap, including label noise, distribution shift, and spurious features. Moreover, we show several techniques that achieve 5--30% relative performance improvements over the baselines. Our evidence suggests that applying detectors trained on sandbox data to endpoint detection is challenging. The most promising direction is training detectors directly on endpoint data, which marks a departure from current practice. To promote progress, we will facilitate researchers to perform realistic detector evaluations against our real-world dataset.