Certified Adversarial Robustness of Machine Learning-based Malware Detectors via (De) Randomized Smoothing

Published in ArXiv, 2024

This paper extends our AISEC paper by:

  • Introducing a preprocessing step that allows us to provide deterministic robustness certificates against patch, append, and content injection attacks.
  • Extending the evaluation to four neural network architectures, i.e., MalConv, MalConvGCT, AvastConv, and ShallowConv.
  • Comparing our defense with adversarial defenses based on randomized smoothing against state-of-the-art (SOTA) functionality-preserving attacks.
  • Showing how the proposed smoothing scheme can be used to facilitate a finer-grained analysis of a PE file, identifying specific chunks within the file that exhibit malicious traits.
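
The following is an added illustration of the chunk-based (de)randomized smoothing idea the bullets refer to; it is example code written for this page, not the paper's implementation. It assumes a hypothetical 512-byte chunk size and replaces the trained base classifier with a constructed pattern-matching stand-in. The file is split into chunks, each chunk is classified independently, the majority vote gives the file-level label, and the chunk-level votes double as the finer-grained view of which regions look malicious. The certificate uses the standard derandomized-smoothing argument: an attacker who can rewrite or append at most n contiguous bytes changes at most `1 + ceil((n-1)/chunk_size)` chunk votes, and each changed vote can swing the margin by at most 2, so the decision is certified while `margin > 2 * affected_chunks`. Content injection in the middle of a file shifts every later chunk boundary, which is why the paper introduces a preprocessing step for that case; that step is not reproduced here.

```python
import math
from collections import Counter
from dataclasses import dataclass, field

CHUNK_SIZE = 512  # hypothetical chunk length chosen for this example

# Constructed stand-in for a trained base classifier: a chunk votes "malicious"
# if it contains one of these byte patterns. A real detector (e.g. MalConv
# applied per chunk) would replace this function.
SUSPICIOUS_PATTERNS = (b"VirtualAlloc", b"LoadLibraryA", b"\x90" * 16)


def chunk_file(data: bytes, chunk_size: int = CHUNK_SIZE) -> list[bytes]:
    """Split the file into consecutive, non-overlapping chunks (last may be short)."""
    return [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]


def base_classifier(chunk: bytes) -> str:
    """Toy per-chunk classifier (constructed for the example)."""
    return "malicious" if any(p in chunk for p in SUSPICIOUS_PATTERNS) else "benign"


@dataclass
class SmoothedResult:
    label: str
    votes: Counter
    malicious_chunks: list[int] = field(default_factory=list)  # chunk indices voted malicious

    @property
    def margin(self) -> int:
        other = "benign" if self.label == "malicious" else "malicious"
        return self.votes[self.label] - self.votes[other]


def smoothed_classify(data: bytes, chunk_size: int = CHUNK_SIZE) -> SmoothedResult:
    """De-randomized smoothing: classify every chunk, then take the majority vote.
    The per-chunk labels are kept so individual regions of the file can be inspected."""
    labels = [base_classifier(c) for c in chunk_file(data, chunk_size)]
    votes = Counter(labels)
    label = "malicious" if votes["malicious"] > votes["benign"] else "benign"
    flagged = [i for i, lab in enumerate(labels) if lab == "malicious"]
    return SmoothedResult(label, votes, flagged)


def max_chunks_affected(n_bytes: int, chunk_size: int = CHUNK_SIZE) -> int:
    """Upper bound on the number of chunk votes that can change when an attacker
    rewrites (patch) or appends (append) n contiguous bytes. Worst alignment: the
    span starts on the last byte of a chunk, so it touches 1 + ceil((n-1)/chunk_size)
    chunks. Not valid for mid-file injection, which shifts later chunk boundaries."""
    if n_bytes <= 0:
        return 0
    return 1 + math.ceil((n_bytes - 1) / chunk_size)


def certify(result: SmoothedResult, affected_chunks: int) -> bool:
    """Deterministic certificate: each affected chunk can at worst remove one vote
    from the winning class and add one to the other (a swing of 2), so the majority
    cannot flip as long as margin > 2 * affected_chunks."""
    return result.margin > 2 * affected_chunks


def build_sample(n_malicious: int, n_benign: int, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Constructed input: n_malicious chunks carrying a suspicious pattern,
    followed by n_benign all-zero chunks."""
    mal = (b"\x00" * 200 + b"VirtualAlloc").ljust(chunk_size, b"\x00")
    ben = b"\x00" * chunk_size
    return mal * n_malicious + ben * n_benign


if __name__ == "__main__":
    sample = build_sample(6, 2)  # 8 chunks: votes malicious=6, benign=2, margin 4
    res = smoothed_classify(sample)
    print("label:", res.label, "votes:", dict(res.votes), "flagged chunks:", res.malicious_chunks)
    for n in (1, 512, 600):
        k = max_chunks_affected(n)
        print(f"patch/append of {n} bytes -> at most {k} chunks, certified: {certify(res, k)}")
```

Running the block on the constructed sample shows a margin of 4: a 1-byte or 512-byte edit (at most 2 chunks, swing 4) is not enough to flip the label only in the 1-byte case, while a 600-byte edit can touch 3 chunks and the certificate is correctly refused. The `malicious_chunks` list is the chunk-level view: here chunks 0 to 5 carry the suspicious pattern and chunks 6 and 7 do not.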

Recommended citation: Daniel Gibert, Luca Demetrio, Giulio Zizzo, Quan Le, Jordi Planes, Battista Biggio. (2024). "Certified Adversarial Robustness of Machine Learning-based Malware Detectors via (De) Randomized Smoothing." ArXiv
Download Paper