Go to OpenReview Public Article DBLP homepageCross-Region Feature Reformer With Semantic Preservation for Adversarial Malware Detection
Abstract: With the widespread use of smartphones, malware has posed serious threats to their security, making its detection of utmost concern. To combat the evolving malware attacks, deep learning-based methods have been successfully developed in practical applications due to their strong generalization and unparalleled flexibility in automatic malware detection. However, recent studies have shown that the highly complex transformations of machine learning models, the general unverifiability caused by compound structures, and the unexplainability of predictions have enabled the attackers to carry out inference of the models, which has led to the creation of adversarial samples. Therefore, recent research has concentrated on the key areas of defense against adversarial attacks such as malicious detection. This paper introduces NetAED, a framework for reactive defenses against malware attacks based on adversarial examples, which neither modifies the deployed classifier nor requires knowledge of the process for crafting adversarial examples. In NetAED, we propose a Random Cross-Region Feature Perturbation mechanism and employ non-linear quantization to alleviate the impact of adversarial examples. We further develop ARNDroid, a malware detection system against adversarial examples, which integrates the proposed NetAED. Promising experimental results based on real-world datasets demonstrate that ARNDroid typically provides superior classification performance and robustness to white-box attacks compared with state-of-the-art approaches.
External IDs:dblp:journals/tifs/LiWLLWS26
Loading