Certified Adversarial Robustness of Machine Learning-based Malware Detectors via (De)Randomized Smoothing

arXiv:2405.00392v1 Announce Type: new
Abstract: Deep learning-based malware detection systems are vulnerable to adversarial EXEmples - carefully-crafted malicious programs that evade detection with minimal perturbation. As such, the community is dedicating effort to develop mechanisms to defend against adversarial EXEmples. However, current randomized smoothing-based defenses are still vulnerable to attacks that inject blocks of adversarial content. In this paper, we introduce a certifiable defense against patch attacks that guarantees, for a given executable and an adversarial patch size, no adversarial …

adversarial arxiv certified community cs.ai cs.cr current deep learning defenses detection evade machine machine learning malicious malware malware detection robustness systems vulnerable