This paper introduces a certifiably robust malware detection framework based on randomized smoothing, using feature ablation and targeted noise injection to defend against adversarial evasion attacks. The authors generate multiple ablated variants of an executable, classify them, and take the majority vote as the smoothed classifier's output; from the top-class vote count and its Wilson score interval they derive a formal certificate that the prediction cannot change under feature-space perturbations within a specific radius. Experiments using PyMetaEngine show that the smoothed classifier provides certifiable robustness against metamorphic evasion without altering the base ML architecture.
Certifiable defenses against malware evasion are now possible without modifying the underlying ML architecture, offering a practical path to robust security.
Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted noise injection. During evaluation, our system analyzes an executable by generating multiple ablated variants, classifies each of them with a smoothed classifier, and takes the majority vote as the final label. By analyzing the top-class voting distribution and its Wilson score interval, we derive a formal certificate that guarantees robustness against feature-space perturbations within a specific radius. We evaluate our approach by comparing the performance of the base classifier and the smoothed classifier on both clean executables and ablated variants generated using PyMetaEngine. Our results demonstrate that the proposed smoothed classifier provides certifiable robustness against metamorphic evasion attacks without requiring modifications to the underlying machine learning architecture.
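The abstract describes the pipeline but not the numbers behind it. The following is an added worked example, not the paper's code: it implements the mechanism the abstract names (randomized feature ablation, majority vote, Wilson score lower bound on the top-class votes, certified radius) using the standard keep-k randomized-ablation certificate of Levine and Feizi (AAAI 2020), in which a prediction is certified against any `rho` perturbed features as long as the top-class lower bound exceeds 0.5 plus the fraction of ablation sets that touch a perturbed feature. The feature dimension `D`, the ablation budget `K`, the number of votes `N_SAMPLES`, the stand-in `base_classifier`, and the constructed feature vectors are all assumptions for illustration; the paper's actual feature space, noise-injection scheme and base model are not given on this page.

```python
"""Randomized feature ablation with a Wilson-interval robustness certificate.

Added example (not the paper's code). Follows the keep-k randomized ablation
certificate of Levine & Feizi (AAAI 2020): a sample is certified against any
rho perturbed features if  p_lb - delta(rho) > (1 - p_lb) + delta(rho), i.e.
p_lb > 0.5 + delta(rho) for a binary detector, where p_lb is the Wilson
lower bound on the top-class vote fraction and delta(rho) is the fraction of
ablation sets that include at least one perturbed feature.
"""
from math import comb, sqrt
import random

D = 64                      # assumed feature-space dimension (e.g. histogram bins)
K = 16                      # assumed number of features kept per ablated variant
N_SAMPLES = 400             # assumed number of ablated variants voted per file
Z_95 = 1.959963984540054    # z for a two-sided 95% Wilson interval


def ablate(x, rng):
    """Keep K randomly chosen features of x; every other feature becomes None."""
    kept = set(rng.sample(range(len(x)), K))
    return [v if i in kept else None for i, v in enumerate(x)]


def base_classifier(x_ablated):
    """Stand-in for a trained static detector (assumption, not the paper's model).
    Labels the variant 1 (malware) when the mean of the visible features > 0.5."""
    visible = [v for v in x_ablated if v is not None]
    return 1 if sum(visible) / len(visible) > 0.5 else 0


def wilson_lower(count, n, z=Z_95):
    """Lower endpoint of the Wilson score interval for a count/n proportion."""
    if n == 0:
        return 0.0
    p = count / n
    denom = 1.0 + z * z / n
    centre = p + z * z / (2.0 * n)
    margin = z * sqrt(p * (1.0 - p) / n + z * z / (4.0 * n * n))
    return (centre - margin) / denom


def delta(rho, d=D, k=K):
    """Fraction of keep-k ablation sets that touch at least one of rho perturbed
    features: 1 - C(d-rho, k) / C(d, k). Exact via integer binomials."""
    if rho > d - k:
        return 1.0
    return 1.0 - comb(d - rho, k) / comb(d, k)


def smoothed_predict(x, n=N_SAMPLES, seed=0):
    """Majority vote of the base classifier over n ablated variants of x.
    Returns (label, votes_for_label, n)."""
    rng = random.Random(seed)
    votes = [0, 0]
    for _ in range(n):
        votes[base_classifier(ablate(x, rng))] += 1
    label = 1 if votes[1] > votes[0] else 0
    return label, votes[label], n


def certify(x, n=N_SAMPLES, seed=0):
    """Smoothed prediction plus the largest rho for which the label is certified
    to survive any perturbation of rho features. Returns (label, p_lb, radius);
    radius 0 means the certificate condition fails already for one feature."""
    label, top, n = smoothed_predict(x, n, seed)
    p_lb = wilson_lower(top, n)
    radius = 0
    # delta() is monotone in rho and reaches 1.0, so this loop terminates.
    while p_lb > 0.5 + delta(radius + 1):
        radius += 1
    return label, p_lb, radius


def perturb(x, indices, value=0.0):
    """Overwrite the chosen feature indices (an attacker controlling rho features)."""
    y = list(x)
    for i in indices:
        y[i] = value
    return y


if __name__ == "__main__":
    # Constructed inputs: a uniformly "malicious" and a uniformly "benign" vector.
    malicious = [0.9] * D
    benign = [0.1] * D
    for name, x in (("malicious", malicious), ("benign", benign)):
        label, p_lb, radius = certify(x)
        print(f"{name}: label={label} p_lb={p_lb:.4f} certified radius={radius}")
    # Attack within the certified radius: the smoothed label must not move.
    label, _, radius = certify(malicious)
    attacked = perturb(malicious, range(radius))
    print("label after in-radius perturbation:", smoothed_predict(attacked)[0])
```

With the assumed `D=64`, `K=16`, a unanimous 400-vote sample gives `p_lb ≈ 0.9905`; `delta(1)=0.25` and `delta(2)≈0.4405` both satisfy `p_lb > 0.5 + delta`, while `delta(3)≈0.5849` does not, so the certified radius is 2 features. The radius grows with the number of votes only through the Wilson bound, and shrinks quickly as `K/D` grows, which is the trade-off the smoothing parameters control; the certificate speaks about the smoothed classifier's expected vote, so in deployment the vote count `n` should be large enough that the lower bound is tight.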