How to Train your Antivirus: RL-based Hardening through the Problem-Space

arXiv:2402.19027v1 Announce Type: new
Abstract: ML-based malware detection on dynamic analysis reports is vulnerable to both evasion and spurious correlations. In this work, we investigate a specific ML architecture employed in the pipeline of a widely-known commercial antivirus company, with the goal to harden it against adversarial malware. Adversarial training, the sole defensive technique that can confer empirical robustness, is not applicable out of the box in this domain, for the principal reason that gradient-based perturbations rarely map back to …

adversarial analysis antivirus architecture arxiv commercial cs.ai cs.cr detection dynamic dynamic analysis evasion goal hardening malware malware detection pipeline problem reports space train training vulnerable work