Certifiably robust malware detectors by design
Published in 40th International Conference on ICT Systems Security and Privacy Protection (IFIPSEC25), 2025
Malware analysis involves analyzing suspicious software to detect malicious payloads. Static malware analysis, which does not require software execution, relies increasingly on machine learning techniques to achieve scalability. Although such techniques obtain very high detection accuracy, they can be easily evaded with adversarial examples where a few modifications of the sample can dupe the detector without modifying the behaviour of the software. Unlike other domains, such as computer vision, creating an adversarial example for malware without altering its functionality requires specific transformations. We propose a new model architecture that can lead to certifiably robust malware detection by design. In addition, we show that every robust detector can be decomposed into a specific structure, which can be applied to learn empirically robust malware detectors, even on fragile features. Our framework ERDALT is based on this structure. We compare and validate these approaches with machine-learning-based malware detection methods, allowing for robust detection with limited reduction in detection performance.
Recommended citation: Gimenez, P. F., Sivaprasad, S. & Fritz, M., (2025 May). Certifiably robust malware detectors by design. In the 40th International Conference on ICT Systems Security and Privacy Protection (IFIPSEC25)