Adversarial Attacks on Transformers-Based Malware Detectors

Yash Jakhotiya, Heramb Patil, Jugal Rawlani, Sunil B. Mane

TL;DR

The paper addresses the vulnerability of Transformer-based malware detectors to adversarial evasion, contrasting with signature-based approaches. It presents a three-module detector that fuses assembly and static features using a Transformer backbone and evaluates FGSM-based evasion attacks, reporting a 23.9% misclassification rate, which can be significantly reduced by defenses such as adversarial training. Key findings show that adversarial training lowers misclassification to about 11.2%, while feature-space reduction provides only limited gains, highlighting practical risks and mitigation strategies for ML-driven malware detectors. This work demonstrates the ongoing need for robust defenses in real-world malware detection and offers a publicly accessible implementation for replication and further study.

Abstract

Signature-based malware detectors have proven to be insufficient as even a small change in malignant executable code can bypass these signature-based detectors. Many machine learning-based models have been proposed to efficiently detect a wide variety of malware. Many of these models are found to be susceptible to adversarial attacks - attacks that work by generating intentionally designed inputs that can force these models to misclassify. Our work aims to explore vulnerabilities in the current state-of-the-art malware detectors to adversarial attacks. We train a Transformers-based malware detector, carry out adversarial attacks resulting in a misclassification rate of 23.9% and propose defenses that reduce this misclassification rate to half. An implementation of our work can be found at https://github.com/yashjakhotiya/Adversarial-Attacks-On-Transformers.
