SoK: Arms Race in Adversarial Malware Detection

05/24/2020
by Deqiang Li, et al.

Malicious software (malware) is a major cyber threat that shall be tackled with Machine Learning (ML) techniques because millions of new malware examples are injected into cyberspace on a daily basis. However, ML is known to be vulnerable to attacks known as adversarial examples. In this SoK paper, we systematize the field of Adversarial Malware Detection (AMD) through the lens of a unified framework of assumptions, attacks, defenses and security properties. This not only guides us to map attacks and defenses into some partial order structures, but also allows us to clearly describe the attack-defense arms race in the AMD context. In addition to manually drawing insights, we also propose using ML to draw insights from the systematized representation of the literature. Examples of the insights are: knowing the defender's feature set is critical to the attacker's success; the attack tactic (as a core part of the threat model) largely determines what security property of a malware detector can be broken; there is currently no silver bullet defense against evasion attacks or poisoning attacks; the defense tactic largely determines what security properties can be achieved by a malware detector; knowing the attacker's manipulation set is critical to the defender's success; ML is an effective method for insights learning in SoK studies. These insights shed light on future research directions.

research
02/21/2023

MalProtect: Stateful Defense Against Adversarial Query Attacks in ML-based Malware Detection

ML models are known to be vulnerable to adversarial query attacks. In th...
research
04/07/2019

Malware Evasion Attack and Defense

Machine learning (ML) classifiers are vulnerable to adversarial examples...
research
02/15/2022

StratDef: a strategic defense against adversarial attacks in malware detection

Over the years, most research towards defenses against adversarial attac...
research
07/24/2023

Malware Resistant Data Protection in Hyper-connected Networks: A survey

Data protection is the process of securing sensitive information from be...
research
07/01/2020

Fundamental Limits of Adversarial Learning

Robustness of machine learning methods is essential for modern practical...
research
08/14/2020

First Step Towards Modeling Unbreakable Malware

Currently, the construction of concealed malicious code has become a tre...
research
04/24/2020

ML-driven Malware that Targets AV Safety

Ensuring the safety of autonomous vehicles (AVs) is critical for their m...
