Realizable Universal Adversarial Perturbations for Malware
Published in arXiv preprint arXiv:2102.06747, 2022
Machine learning classification models are vulnerable to adversarial examples -- input-specific perturbations that can manipulate the model's output. Universal Adversarial Perturbations (UAPs), which identify noisy patterns that generalize across the input space, allow the attacker to greatly scale up the generation of these adversarial examples. While UAPs have been explored in application domains beyond computer vision, little is known about their implications in the malware domain, where attackers must reason about satisfying challenging problem-space constraints. Therefore, we explore the challenges and strengths of UAPs in the context of malware classification.