Table of Contents
Fetching ...

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Xiang Ling, Lingfei Wu, Jiangyu Zhang, Zhenqing Qu, Wei Deng, Xiang Chen, Yaguan Qian, Chunming Wu, Shouling Ji, Tianyue Luo, Jingzheng Wu, Yanjun Wu

TL;DR

This survey analyzes adversarial attacks against Windows PE malware detection using ML/DL, emphasizing PE-specific constraints that complicate moving from feature-space to problem-space attacks. It provides a structured taxonomy of white-box and black-box attacks across feature-space and problem-space, and discusses defenses including adversarial training and novel mechanisms like PEberus. The work highlights practical challenges, including format-, executability-, and maliciousness-preserving requirements, and surveys defenses and broader threats like universal perturbations, poisoning, and model stealing. It also outlines future directions, stressing robustness guarantees, realistic attacks against commercial antiviruses, and the need for public benchmarks to standardize evaluations.

Abstract

Malware has been one of the most damaging threats to computers that span across multiple operating systems and various file formats. To defend against ever-increasing and ever-evolving malware, tremendous efforts have been made to propose a variety of malware detection that attempt to effectively and efficiently detect malware so as to mitigate possible damages as early as possible. Recent studies have shown that, on the one hand, existing ML and DL techniques enable superior solutions in detecting newly emerging and previously unseen malware. However, on the other hand, ML and DL models are inherently vulnerable to adversarial attacks in the form of adversarial examples. In this paper, we focus on malware with the file format of portable executable (PE) in the family of Windows operating systems, namely Windows PE malware, as a representative case to study the adversarial attack methods in such adversarial settings. To be specific, we start by first outlining the general learning framework of Windows PE malware detection based on ML/DL and subsequently highlighting three unique challenges of performing adversarial attacks in the context of Windows PE malware. Then, we conduct a comprehensive and systematic review to categorize the state-of-the-art adversarial attacks against PE malware detection, as well as corresponding defenses to increase the robustness of Windows PE malware detection. Finally, we conclude the paper by first presenting other related attacks against Windows PE malware detection beyond the adversarial attacks and then shedding light on future research directions and opportunities. In addition, a curated resource list of adversarial attacks and defenses for Windows PE malware detection is also available at https://github.com/ryderling/adversarial-attacks-and-defenses-for-windows-pe-malware-detection.

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

TL;DR

This survey analyzes adversarial attacks against Windows PE malware detection using ML/DL, emphasizing PE-specific constraints that complicate moving from feature-space to problem-space attacks. It provides a structured taxonomy of white-box and black-box attacks across feature-space and problem-space, and discusses defenses including adversarial training and novel mechanisms like PEberus. The work highlights practical challenges, including format-, executability-, and maliciousness-preserving requirements, and surveys defenses and broader threats like universal perturbations, poisoning, and model stealing. It also outlines future directions, stressing robustness guarantees, realistic attacks against commercial antiviruses, and the need for public benchmarks to standardize evaluations.

Abstract

Malware has been one of the most damaging threats to computers that span across multiple operating systems and various file formats. To defend against ever-increasing and ever-evolving malware, tremendous efforts have been made to propose a variety of malware detection that attempt to effectively and efficiently detect malware so as to mitigate possible damages as early as possible. Recent studies have shown that, on the one hand, existing ML and DL techniques enable superior solutions in detecting newly emerging and previously unseen malware. However, on the other hand, ML and DL models are inherently vulnerable to adversarial attacks in the form of adversarial examples. In this paper, we focus on malware with the file format of portable executable (PE) in the family of Windows operating systems, namely Windows PE malware, as a representative case to study the adversarial attack methods in such adversarial settings. To be specific, we start by first outlining the general learning framework of Windows PE malware detection based on ML/DL and subsequently highlighting three unique challenges of performing adversarial attacks in the context of Windows PE malware. Then, we conduct a comprehensive and systematic review to categorize the state-of-the-art adversarial attacks against PE malware detection, as well as corresponding defenses to increase the robustness of Windows PE malware detection. Finally, we conclude the paper by first presenting other related attacks against Windows PE malware detection beyond the adversarial attacks and then shedding light on future research directions and opportunities. In addition, a curated resource list of adversarial attacks and defenses for Windows PE malware detection is also available at https://github.com/ryderling/adversarial-attacks-and-defenses-for-windows-pe-malware-detection.
Paper Structure (39 sections, 2 equations, 6 figures, 1 table)

This paper contains 39 sections, 2 equations, 6 figures, 1 table.

Figures (6)

  • Figure 1: The general layout of a PE file consists of three groups of information: header information, section information, and the other un-mapped data.
  • Figure 2: The Overview Learning Framework of PE Malware Detection.
  • Figure 3: Illustration of the connection between the feature-space attack and the problem-space attack, in which the feature mapping function $\phi$ and the inverse feature mapping function $\phi^{-1}$ act as bridges for transitions between the feature-space and the problem-space.
  • Figure 4: The schematic illustration of the feature-space attack versus the problem-space attack for PE malware, in which the original PE malware $z$ is manipulated in the problem-space to continuously generate the adversarial PE malware (i.e., $z^{\prime}_{1}$, $z^{\prime}_{2}$, $z^{\prime}_{3}$ and $z^{\prime}$), while the corresponding PE malware feature $x$ in the feature-space is mapped to continuously generate adversarial PE malware features (i.e., $x^{\prime}_{1}$, $x^{\prime}_{2}$, $x^{\prime}_{3}$ and $x^{\prime}$).
  • Figure 5: The schematic illustration of relationship between the three unique challenges of adversarial attacks for PE malware, i.e., format-preserving, executability-preserving and maliciousness-preserving.
  • ...and 1 more figures