WasmGuard: Enhancing Web Security through Robust Raw-Binary Detection of WebAssembly Malware
Track: Security and privacy
Keywords: Wasm malware detection, Adversarial robustness, Contrastive learning, Perturbation bytes, Web security
Abstract: WebAssembly (Wasm), a binary instruction format designed for efficient cross-platform execution, has rapidly become a foundational web standard, widely adopted in browsers, client-side, and server-side applications. However, its growing popularity has led to an increase in Wasm-targeted malware, including cryptojackers and obfuscated malicious scripts, which pose significant threats to web security. In spite of progress in deep learning based detection methods for Wasm malware, such as MINOS, these approaches face substantial performance degradation in adversarial environments. In our experiments, MINOS’s detection accuracy dropped to 49.90\% under adversarial attacks, revealing critical vulnerabilities. To address this, we introduce \textbf{WasmGuard}, a robust malware detection framework tailored for Wasm. WasmGuard employs FGSM-based adversarial training with prior-based initialization for perturbation bytes in customized sections, coupled with a novel adversarial contrastive learning objective. Using our large-scale dataset, \textbf{WasmMal-15K} (publicly available), WasmGuard outperforms six competing methods, achieving up to 99.20\% Robust Accuracy and 99.93\% Standard Accuracy under PGD-50 adversarial attacks, while maintaining low training overhead. Additionally, we have released \textbf{WebChecker}, a WasmGuard-powered browser plugin, providing real-time protection against malicious Wasm files.
Submission Number: 2076
Loading