Research
My main area of research lies at the intersection of Machine Learning (ML) and Information Security. My work has focused on building, attacking, and defending malware detectors.
Adversarial Attacks and Defenses for Malware Detection
I am currently conducting research on attacks and defenses for malware detection. Machine learning models are vulnerable to adversarial attacks: attacks that intentionally manipulate the input data to cause the model to misclassify it or otherwise produce incorrect outputs. Machine learning-based malware detectors are no exception.
Using Generative Adversarial Networks (GANs), I have developed methods to attack feature-based detectors without having to query the target detector and without requiring knowledge of the model’s parameters.
I have developed methods to defend against adversarial attacks on end-to-end malware detectors based on:
I have proposed the first deterministic robustness certificate for end-to-end malware detectors and I have investigated the limitations of static machine learning-based detectors against packing.
Machine Learning for Malware Detection and Classification
During my PhD, I focused on the design, implementation, and evaluation of ML-based approaches for the task of malware classification. I developed methods to classify malware based on: