Effectiveness of Adversarial Benign and Malware Examples in Evasion and Poisoning Attacks
Matouš Kozák, Martin Jureček

TL;DR
This paper evaluates how benign and malicious adversarial examples (AEs) impact evasion and poisoning attacks on malware detection, revealing the significant role of benign AEs in undermining model performance and trust.
Contribution
It introduces a method to generate benign adversarial examples and demonstrates their effectiveness in evasion and poisoning attacks, highlighting new security challenges.
Findings
Benign AEs are as effective as malware AEs in evasion attacks.
Benign AEs more strongly influence poisoning attacks than malware AEs.
Benign AEs can significantly decrease malware detection accuracy.
Abstract
Adversarial attacks present significant challenges for malware detection systems. This research investigates the effectiveness of benign and malicious adversarial examples (AEs) in evasion and poisoning attacks on the Portable Executable file domain. A novel focus of this study is on benign AEs, which, although not directly harmful, can increase false positives and undermine trust in antivirus solutions. We propose modifying existing adversarial malware generators to produce benign AEs and show they are as successful as malware AEs in evasion attacks. Furthermore, our data show that benign AEs have a more decisive influence in poisoning attacks than standard malware AEs, demonstrating their superior ability to decrease the model's performance. Our findings introduce new opportunities for adversaries and further increase the attack surface that needs to be protected by security…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Forensic Fingerprint Detection Methods
