Numerous open-source and commercial malware detectors are available. However, their efficacy is threatened by new adversarial attacks, whereby malware attempts to evade detection, e.g., by performing feature-space manipulation. In this work, we propose an explainability-guided and model-agnostic framework for measuring the ability of malware to evade detection. The framework introduces the concept of Accrued Malicious Magnitude (AMM) to identify which malware features should be manipulated to maximize the likelihood of evading detection. We then use this framework to test the ability of several state-of-the-art malware detectors to detect manipulated malware. We find that (i) commercial antivirus engines are vulnerable to AMM-guided manipulated samples; (ii) the ability of manipulated malware generated using one detector to evade detection by another detector (i.e., transferability) depends on the overlap of features with large AMM values between the different detectors; and (iii) AMM values effectively measure the importance of features and explain the ability to evade detection. Our findings shed light on the weaknesses of current malware detectors, as well as how they can be improved.