Certified Robustness of Learning-based Static Malware Detectors. (arXiv:2302.01757v1 [cs.CR])

Certified defenses are a recent development in adversarial machine learning
(ML), which aim to rigorously guarantee the robustness of ML models to
adversarial perturbations. A large body of work studies certified defenses in
computer vision, where $\ell_p$ norm-bounded evasion attacks are adopted as a
tractable threat model. However, this threat model has known limitations in
vision, and is not applicable to other domains -- e.g., where inputs may be
discrete or subject to complex constraints. Motivated by this gap, we …

adversarial aim attacks body certified computer computer vision development domains evasion guarantee inputs large machine machine learning malware may ml models robustness studies threat threat model work