Auditing static machine learning anti-Malware tools against metamorphic attacks

Published in Journal Computers & Security, 2021

This paper presents an exhaustive evaluation of the state-of-the-art approaches for malware classification against common metamorphic attacks.

The metamorphic techniques investigated in this work include:

  • Dead code insertion.
  • Register reassignment.
  • Subroutine reordering.
  • Code reordering through jumps.

The machine learning-based classifiers evaluated include:

  • MalConv: Raff et al. 2018. “Malware Detection by Eating a Whole EXE”. AAAI Workshops 2018.
  • AvastConv: Krčál et al. 2018. “Deep Convolutional Malware Classifiers Can Learn from Raw Executables and Labels Only”. ICLR Workshops 2018.
  • ShallowConv: Gibert et al. 2017. “Convolutional neural networks for classification of malware assembly code”. CCIA 2017.
  • Structural entropy-based CNN: Gibert et al. 2018. “Structural entropy-based convolutional neural networks for malware classification”. IIAI-AAAI 2018.
  • Logistic regression + N-Gram features

Recommended citation: Daniel Gibert, Carles Mateu, Jordi Planes, Joao Marques-Silva. (2021). "Auditing static machine learning anti-Malware tools against metamorphic attacks." Journal Computers & Security.