A study on robustness of malware detection model

In recent years, machine learning–based techniques are used to prevent cyberattacks caused by malware, and special attention is paid to the risks posed by such systems. However, there are relatively few studies on adversarial attacks on machine learning–based malware detection model using portable execution (PE) surface information and even less study from a defender’s perspective. In this study, we focus on malware detection field and treat the aforementioned issue from the perspectives of both attackers and defenders; subsequently, we propose a novel black-box adversarial attack method, named Image_Resource attack, and a robust malware detection model, respectively, using dimensionality reduction and machine learning techniques. The robustness of the proposed model is evaluated using PE surface information obtained from the FFRI Dataset 2018. During robustness evaluation, distances (e.g., the Euclidean distance) between the malware and benign files are measured, and the effectiveness of Image_Resource attack is estimated. Thus, we establish the effectiveness and superiority of the proposed model in terms of detection accuracy and robustness.