Towards A Framework for Preprocessing Analysis of Adversarial Windows Malware

Contributing USMA Research Unit(s)

Electrical Engineering and Computer Science

Publication Date

Spring 6-6-2022

Publication Title

10th International Symposium on Digital Forensics and Security (ISDFS)

Document Type

Conference Proceeding


Machine learning for malware detection and classification has shown promising results. However, motivated adversaries can thwart such classifiers by perturbing the classifier’s input features. Feature perturbation can be realized by transforming the malware, inducing an adversarial drift in the problem space. Realizable adversarial malware is constrained by available software transformations that preserve the malware’s original semantics yet perturb its features enough to cross a classifier’s decision boundary. Further, transformations should be plausible and robust to preprocessing. If a defender can identify and filter the adversarial noise, then the utility of the adversarial approach is decreased. In this paper, we examine common adversarial techniques against a set of constraints that expose each technique’s realizability. Our observations indicate that most adversarial perturbations can be reduced through forensic preprocessing of the malware, highlighting the advantage of forensic analysis prior to classification.

First Page


Record links to items hosted by external providers may require fee for full-text.