Towards A Framework for Preprocessing Analysis of Adversarial Windows Malware
No Thumbnail Available
Authors
Schultz, Nicholas
Duby, Adam
Issue Date
2022-06-06
Type
proceedings-article
Language
Keywords
Perturbation methods , Semantics , Digital forensics , Machine Learning , Malware , Security
Alternative Title
Abstract
Machine learning for malware detection and classification has shown promising results. However, motivated adversaries can thwart such classifiers by perturbing the classifier’s input features. Feature perturbation can be realized by transforming the malware, inducing an adversarial drift in the problem space. Realizable adversarial malware is constrained by available software transformations that preserve the malware’s original semantics yet perturb its features enough to cross a classifier’s decision boundary. Further, transformations should be plausible and robust to preprocessing. If a defender can identify and filter the adversarial noise, then the utility of the adversarial approach is decreased. In this paper, we examine common adversarial techniques against a set of constraints that expose each technique’s realizability. Our observations indicate that most adversarial perturbations can be reduced through forensic preprocessing of the malware, highlighting the advantage of forensic analysis prior to classification.
Description
Citation
N. Schultz and A. Duby, "Towards A Framework for Preprocessing Analysis of Adversarial Windows Malware," 2022 10th International Symposium on Digital Forensics and Security (ISDFS), Istanbul, Turkey, 2022, pp. 1-6, doi: 10.1109/ISDFS55398.2022.9800812.
Publisher
IEEE