Certifiably robust malware detectors by design
Pierre-Francois Gimenez, Sarath Sivaprasad, Mario Fritz

TL;DR
This paper introduces a novel model architecture for malware detection that guarantees robustness against adversarial modifications, combining theoretical insights with empirical validation to improve security without sacrificing detection accuracy.
Contribution
It proposes a certifiably robust malware detection framework, ERDALT, based on a structural decomposition of robust detectors, enhancing robustness in static malware analysis.
Findings
ERDALT achieves robust detection with minimal performance loss.
The structural decomposition enables learning empirically robust detectors.
Validation shows improved robustness over existing machine learning methods.
Abstract
Malware analysis involves analyzing suspicious software to detect malicious payloads. Static malware analysis, which does not require software execution, relies increasingly on machine learning techniques to achieve scalability. Although such techniques obtain very high detection accuracy, they can be easily evaded with adversarial examples where a few modifications of the sample can dupe the detector without modifying the behavior of the software. Unlike other domains, such as computer vision, creating an adversarial example of malware without altering its functionality requires specific transformations. We propose a new model architecture for certifiably robust malware detection by design. In addition, we show that every robust detector can be decomposed into a specific structure, which can be applied to learn empirically robust malware detectors, even on fragile features. Our…
