UCL Discovery

How to Train your Antivirus: RL-based Hardening through the Problem Space

Tsingenopoulos, I; Cortellazzi, J; Bošanský, B; Aonzo, S; Preuveneers, D; Joosen, W; Pierazzi, F; (2024) How to Train your Antivirus: RL-based Hardening through the Problem Space. In: ACM International Conference Proceeding Series. (pp. 130-146). Association for Computing Machinery (ACM): Padua, Italy. Green open access.


Abstract

ML-based malware detection on dynamic analysis reports is vulnerable to both evasion and spurious correlations. In this work, we investigate a specific ML architecture employed in the pipeline of a widely known commercial antivirus, with the goal of hardening it against adversarial malware. Adversarial training, the most reliable defensive technique that can confer empirical robustness, is not applicable out of the box in this domain, for the principal reason that gradient-based perturbations rarely map back to feasible problem-space programs. We introduce a novel Reinforcement Learning approach for constructing adversarial examples, a constituent part of adversarially training a model against evasion. Our approach comes with multiple advantages. It performs modifications that are feasible in the problem space, and only those; thus it circumvents the inverse mapping problem. It also makes it possible to provide theoretical guarantees on the robustness of the model against a well-defined set of adversarial capabilities. Our empirical exploration validates our theoretical insights, where we can consistently reach 0% Attack Success Rate after a few adversarial retraining iterations.

Type: Proceedings paper
Title: How to Train your Antivirus: RL-based Hardening through the Problem Space
Event: RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3678890.3678912
Publisher version: https://doi.org/10.1145/3678890.3678912
Language: English
Additional information: This work is licensed under a Creative Commons Attribution 4.0 International License
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10201635
