XAdv: Robust Explanations for Malware Detection

Project Information

Project Lead: Dr. Fabio Pierazzi
Dates: October 2023–September 2026
Grant Reference Number: EP/X015971/1

Project Background

Malware (short for malicious software) refers to any software that perform malicious activities, such as stealing information (e.g., spyware) and damaging systems (e.g., ransomware). Malware authors constantly update their attack strategies to evade detection of antivirus systems, and automatically generate multiple variants of the same malware that are harder to recognize than the original. Traditional malware detection methods relying on manually defined patterns (e.g., sequences of bytes) are time consuming and error prone. Hence, academic and industry researchers have started exploring how Machine Learning (ML) can help in detecting new, unseen malware types.

In this context, explaining ML decisions is fundamental for security analysts to verify correctness of a certain decision, and develop patches and remediations faster. However, it has been shown that attackers can induce arbitrary, wrong explanations in ML systems; this is achieved by carefully modifying a few bytes of their malware.

Project Objectives

The EPSRC project XAdv (X for explanation, and Adv for adversarial robustness), aims to design robust explanations for malware detection, i.e., explanations of model decisions which are easy to understand and visualize for security analysts (to support faster verification of maliciousness, and development of patches), and which are trustworthy and reliable even in presence of malware evolution over time and evasive malware authors.

Robustness of explanations will be evaluated from two main perspectives: concept drift (i.e., malware evolution over time), and adversarial ML (i.e., ML-aware attackers, who carefully craft malicious samples to evade detection systems).

Moreover, this project will explore how robust explanations can be used to automatically adapt ML-based malware detection models to new threats over time (e.g., into novel active learning strategies), as well as to integrate domain knowledge from security analysts’ feedback from robust explanations to improve detection accuracy.

References

2024

arXiv

Zeliang Kan, Shae McFadden, Daniel Arp, Feargus Pendlebury, Roberto Jordaney, Johannes Kinder, Fabio Pierazzi, and Lorenzo Cavallaro , TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time (Extended Version) , 2024

Bib PDF

@misc{kan2024tesseract,
  title = {TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time (Extended Version)},
  author = {Kan, Zeliang and McFadden, Shae and Arp, Daniel and Pendlebury, Feargus and Jordaney, Roberto and Kinder, Johannes and Pierazzi, Fabio and Cavallaro, Lorenzo},
  year = {2024},
  eprint = {2402.01359},
  archiveprefix = {arXiv},
  primaryclass = {cs.LG},
}

2023

AISec

Theo Chow, Zeliang Kan, Lorenz Linhardt, Lorenzo Cavallaro, Daniel Arp, and Fabio Pierazzi , Drift Forensics of Malware Classifiers , In Proc. of the ACM Workshop on Artificial Intelligence and Security (AISec), 2023

Bib PDF Code

@inproceedings{chow2023driftforensics,
  title = {Drift Forensics of Malware Classifiers},
  author = {Chow, Theo and Kan, Zeliang and Linhardt, Lorenz and Cavallaro, Lorenzo and Arp, Daniel and Pierazzi, Fabio},
  booktitle = {Proc. of the {ACM} Workshop on Artificial Intelligence and Security ({AISec})},
  year = {2023},
}

2020

IEEE S&P

Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, and Lorenzo Cavallaro , Intriguing properties of adversarial ML attacks in the problem space , In IEEE Symposium on Security and Privacy (S&P), 2020

Bib PDF Website

@inproceedings{pierazzi2020intriguing,
  title = {Intriguing properties of adversarial ML attacks in the problem space},
  author = {Pierazzi, Fabio and Pendlebury, Feargus and Cortellazzi, Jacopo and Cavallaro, Lorenzo},
  booktitle = {{IEEE} Symposium on Security and Privacy ({S\&P})},
  pages = {1332--1349},
  year = {2020},
  organization = {IEEE},
}

2019

USENIX Sec

Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro , TESSERACT: Eliminating experimental bias in malware classification across space and time , In Proc. of USENIX Security Symposium, 2019

Bib PDF

@inproceedings{pendlebury2019tesseract,
  title = {TESSERACT: Eliminating experimental bias in malware classification across space and time},
  author = {Pendlebury, Feargus and Pierazzi, Fabio and Jordaney, Roberto and Kinder, Johannes and Cavallaro, Lorenzo},
  booktitle = {Proc. of {USENIX} Security Symposium},
  year = {2019},
}