A New Formulation for Zeroth-Order Optimization of Adversarial EXEmples in Malware Detection
Marco Rando, Luca Demetrio, Lorenzo Rosasco, Fabio Roli

TL;DR
This paper introduces a zeroth-order optimization framework for creating adversarial malware examples that preserve functionality, enabling more effective evasion of detection systems with fewer modifications.
Contribution
It formulates malware evasion as a zeroth-order optimization problem, allowing the use of sound, gradient-free algorithms with theoretical guarantees, and proposes the ZEXE attack demonstrating improved evasion.
Findings
ZEXE reduces the size of injected content by over two-thirds.
The framework enables efficient adversarial attacks that need minimal hyper-parameter tuning.
The approach offers theoretical guarantees for the optimization process.
Abstract
Machine learning malware detectors are vulnerable to adversarial EXEmples, i.e., carefully-crafted Windows programs tailored to evade detection. Unlike other adversarial problems, attacks in this context must be functionality-preserving, a constraint that is challenging to address. As a consequence, heuristic algorithms are typically used, which inject new content, either randomly-picked or harvested from legitimate programs. In this paper, we show how learning malware detectors can be cast within a zeroth-order optimization framework, which allows incorporating functionality-preserving manipulations. This permits the deployment of sound and efficient gradient-free optimization algorithms, which come with theoretical guarantees and allow for minimal hyper-parameter tuning. As a by-product, we propose and study ZEXE, a novel zeroth-order attack against Windows malware detection.…
