Updating Windows malware detectors: Balancing robustness and regression against adversarial EXEmples

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-04-11 DOI:10.1016/j.cose.2025.104466

Matous Kozak , Luca Demetrio , Dmitrijs Trizna , Fabio Roli

{"title":"Updating Windows malware detectors: Balancing robustness and regression against adversarial EXEmples","authors":"Matous Kozak , Luca Demetrio , Dmitrijs Trizna , Fabio Roli","doi":"10.1016/j.cose.2025.104466","DOIUrl":null,"url":null,"abstract":"<div><div>Adversarial EXEmples are carefully-perturbed programs tailored to evade machine learning Windows malware detectors, with an ongoing effort to develop robust models able to address detection effectiveness. However, even if robust models can prevent the majority of EXEmples, to maintain predictive power over time, models are fine-tuned to newer threats, leading either to partial updates or time-consuming retraining from scratch. Thus, even if the robustness against adversarial EXEmples is higher, the new models might suffer a regression in performance by misclassifying threats that were previously correctly detected. For these reasons, we study the trade-off between accuracy and regression when updating Windows malware detectors by proposing EXE-scanner, a plugin that can be chained to existing detectors to promptly stop EXEmples without causing regression. We empirically show that previously proposed hardening techniques suffer a regression of accuracy when updating non-robust models, exacerbating the gap when considering low false positives regimes and temporal drifts affecting data. Also, through EXE-scanner we gain evidence on the detectability of adversarial EXEmples, showcasing the presence of artifacts left inside while creating them. Due to its design, EXE-scanner can be chained to any classifier to obtain the best performance without the need for costly retraining. To foster reproducibility, we openly release the source code, along with the dataset of adversarial EXEmples based on state-of-the-art perturbation algorithms.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"155 ","pages":"Article 104466"},"PeriodicalIF":4.8000,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001555","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Adversarial EXEmples are carefully-perturbed programs tailored to evade machine learning Windows malware detectors, with an ongoing effort to develop robust models able to address detection effectiveness. However, even if robust models can prevent the majority of EXEmples, to maintain predictive power over time, models are fine-tuned to newer threats, leading either to partial updates or time-consuming retraining from scratch. Thus, even if the robustness against adversarial EXEmples is higher, the new models might suffer a regression in performance by misclassifying threats that were previously correctly detected. For these reasons, we study the trade-off between accuracy and regression when updating Windows malware detectors by proposing EXE-scanner, a plugin that can be chained to existing detectors to promptly stop EXEmples without causing regression. We empirically show that previously proposed hardening techniques suffer a regression of accuracy when updating non-robust models, exacerbating the gap when considering low false positives regimes and temporal drifts affecting data. Also, through EXE-scanner we gain evidence on the detectability of adversarial EXEmples, showcasing the presence of artifacts left inside while creating them. Due to its design, EXE-scanner can be chained to any classifier to obtain the best performance without the need for costly retraining. To foster reproducibility, we openly release the source code, along with the dataset of adversarial EXEmples based on state-of-the-art perturbation algorithms.

查看原文本刊更多论文

更新Windows恶意软件检测器：平衡健壮性和回归对抗的例子

对抗性示例是精心设计的程序，旨在逃避机器学习Windows恶意软件检测器，并不断努力开发能够解决检测有效性的健壮模型。然而，即使健壮的模型可以防止大多数的例子，随着时间的推移，为了保持预测能力，模型被微调到新的威胁，导致部分更新或耗时的从头开始重新训练。因此，即使对对抗性样本的鲁棒性更高，新模型也可能会因为对以前正确检测到的威胁进行错误分类而导致性能下降。出于这些原因，我们通过提出EXE-scanner来研究更新Windows恶意软件检测器时准确性和回归之间的权衡，EXE-scanner是一个可以链接到现有检测器的插件，可以在不导致回归的情况下及时停止示例。我们的经验表明，先前提出的强化技术在更新非鲁棒模型时遭受准确性回归，在考虑低误报制度和影响数据的时间漂移时加剧了差距。此外，通过ex -扫描仪，我们获得了对抗性样本可探测性的证据，展示了在创建它们时遗留在内部的人工制品的存在。由于其设计，EXE-scanner可以链接到任何分类器，以获得最佳性能，而无需昂贵的再培训。为了促进再现性，我们公开发布了源代码，以及基于最先进的扰动算法的对抗性示例数据集。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.