Machine learning has proved to be a promising technology for determining whether a piece of software is malicious or benign. However, the accuracy of this approach sometimes comes at the expense of its robustness, and probing these systems with adversarial examples is not always a priority. In this work, we present a gradient-based approach that carefully generates valid executable malicious files that are classified as benign by state-of-the-art detectors. Initial results demonstrate that our approach is able to find optimal adversarial examples automatically and more efficiently, which can provide a solid basis for building more robust models in the future.
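The core idea can be illustrated with a minimal sketch: against a differentiable detector, follow the gradient of the malicious score with respect to the input features until the classifier flips to benign. This is not the paper's implementation; the linear detector, feature vector, and step size below are all illustrative assumptions, and it omits the paper's key constraint of applying only perturbations that preserve the executable's functionality.

```python
import numpy as np

rng = np.random.default_rng(0)

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

# Hypothetical trained logistic-regression detector over a vector of
# file features: score > 0.5 means "malicious".
w = rng.normal(size=16)
b = 0.1

def malicious_score(x):
    return sigmoid(w @ x + b)

def gradient_attack(x, step=0.05, iters=200, target=0.5):
    """Iteratively perturb x against the gradient of the malicious score."""
    x = x.copy()
    for _ in range(iters):
        if malicious_score(x) < target:
            break  # sample is now classified as benign
        # For this model the score gradient is proportional to w,
        # so stepping along -w descends the malicious score.
        x -= step * w
    return x

x0 = w.copy()                  # toy sample scored as clearly malicious
adv = gradient_attack(x0)
print(malicious_score(x0) > 0.5, malicious_score(adv) < 0.5)  # → True True
```

In the actual attack setting, each gradient step would be mapped onto a functionality-preserving file modification rather than applied directly to the feature vector.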
Recommended citation: R. Labaca-Castro, B. Biggio, G. Dreo Rodosek: Attacking Malware Classifiers by Crafting Gradient-Attacks that Preserve Functionality. 26th ACM Conference on Computer and Communications Security (CCS), London, United Kingdom, November 12, 2019.