Los puntos clave no están disponibles para este artículo en este momento.
Recent work has shown that deep-learning algorithms for malware detection are susceptible to adversarial examples, i. e. , carefully-crafted perturbations input malware that enable misleading classification. Although this has their suitability for this task, it is not yet clear why such are easily fooled also in this particular application domain. In work, we take a first step to tackle this issue by leveraging explainable-learning algorithms developed to interpret the black-box decisions of neural networks. In particular, we use an explainable technique known as attribution to identify the most influential input features to each decision, and adapt it to provide meaningful explanations the classification of malware binaries. In this case, we find that a-proposed convolutional neural network does not learn any meaningful for malware detection from the data and text sections of files, but rather tends to learn to discriminate between benign and samples based on the characteristics found in the file header. Based on finding, we propose a novel attack algorithm that generates adversarial binaries by only changing few tens of bytes in the file header. With to the other state-of-the-art attack algorithms, our attack does not injecting any padding bytes at the end of the file, and it is much more, as it requires manipulating much fewer bytes.
Demetrio et al. (Fri,) studied this question.