secml-malware: Pentesting Windows Malware Classifiers with Adversarial EXEmples in Python

Luca Demetrio, Battista Biggio

TL;DR

The paper introduces secml-malware, the first Python library designed to generate adversarial EXEmples for Windows malware detectors and to evaluate their robustness using both white-box and black-box attacks. Built atop the secml framework, it offers a modular architecture (attack, models, utils) that applies feasible manipulations to Windows binaries while preserving functionality, enabling reproducible penetration testing and easy extension. The authors demonstrate the toolkit by evaluating attacks on MalConv, including Partial DOS, Extend, Shift, Padding, and GAMMA-padding, with white-box attacks proving more effective than black-box ones. The work provides a practical, extensible resource for security researchers and developers to assess and improve defenses against adversarial malware, and points toward future work targeting runtime-behavior-based classifiers.

Abstract

Machine learning has been increasingly used as a first line of defense for Windows malware detection. Recent work has, however, shown that learning-based malware detectors can be evaded by carefully perturbed input malware samples, referred to as adversarial EXEmples, thus demanding tools that can ease and automate the adversarial robustness evaluation of such detectors. To this end, we present secml-malware, the first Python library for computing adversarial attacks on Windows malware detectors. secml-malware implements state-of-the-art white-box and black-box attacks on Windows malware classifiers, by leveraging a set of feasible manipulations that can be applied to Windows programs while preserving their functionality. The library can be used to perform the penetration testing and assessment of the adversarial robustness of Windows malware detectors, and it can be easily extended to include novel attack strategies. Our library is available at https://github.com/pralab/secml_malware.

Paper Structure

This paper contains 5 sections, 2 tables.