XAdv: Robust Explanations for Malware Detection

Lead Research Organisation: King's College London
Department Name: Informatics

Abstract

Malware (short for "malicious software") refers to any software that performs malicious activities, such as stealing information (e.g., spyware) or damaging systems (e.g., ransomware). Malware authors constantly update their attack strategies to evade detection by antivirus systems, and automatically generate multiple variants of the same malware that are harder to recognize than the original. Traditional malware detection methods that rely on manually defined patterns (e.g., sequences of bytes) are time-consuming and error-prone. Hence, academic and industry researchers have started exploring how Machine Learning (ML) can help detect new, unseen malware types. In this context, explaining ML decisions is fundamental for security analysts to verify the correctness of a given decision and to develop patches and remediations faster. However, it has been shown that attackers can induce arbitrary, wrong explanations in ML systems by carefully modifying a few bytes of their malware.

This project, XAdv ("X" for explanation, and "Adv" for adversarial robustness), aims to design "robust explanations" for malware detection, i.e., explanations of model decisions which are easy to understand and visualize for security analysts (to support faster verification of maliciousness, and development of patches), and which are trustworthy and reliable even in presence of malware evolution over time and evasive malware authors.

Moreover, this project will explore how robust explanations can be used to automatically adapt ML-based malware detection models to new threats over time, and how security analysts' feedback on robust explanations can be integrated as domain knowledge to improve detection accuracy.

Publications

Related Projects

Project Reference   Relationship   Related To     Start        End          Award Value
EP/X015971/1                                      30/09/2023   31/10/2024   £315,128
EP/X015971/2        Transfer       EP/X015971/1   01/11/2024   29/09/2026   £259,068
 
Title Drift Forensics of Malware Classifiers 
Description Prototype of the work on using explanation methods to identify potential root causes of the decay in detection performance of malware classifiers over time. The code allows the work to be reproduced.
Type Of Material Improvements to research infrastructure 
Year Produced 2023 
Provided To Others? Yes  
Impact Not yet identified. 
URL https://github.com/isneslab/DriftAnalysis
 
Title RPAL 
Description Code for evaluating recovery over time from poisoning of a malware detection model. This repository is the official release of the code used for the paper 'The Impact of Active Learning on Availability Data Poisoning for Android Malware Classifiers', published in the Workshop on Recent Advances in Resilient and Trustworthy Machine Learning (ARTMAN) 2024, co-located with ACSAC.
Type Of Material Improvements to research infrastructure 
Year Produced 2024 
Provided To Others? Yes  
Impact Not yet identified. 
URL https://github.com/s2labres/RPAL
 
Title AutoRobust 
Description This dataset is comprised of the dynamic analysis reports generated by CAPEv2 for both malware and goodware. We source the goodware as Dambra et al. do (https://arxiv.org/abs/2307.14657): through the community-maintained packages of Chocolatey they build a dataset that spans 2012 to 2020. The malware are sourced from VirusTotal, namely Portable Executable (PE) samples from 2017 - 2020 that they release for academic purposes. In total, the dataset we assembled contains 26,200 PE samples: 8,600 (33%) goodware and 17,675 (67%) malware. All samples were executed in a series of Windows 7 VMware virtual machines without network connectivity, due to policy/ethical constraints. These were orchestrated through CAPEv2, a maintained open-source successor of Cuckoo. This framework is widely used for analyzing and detecting potentially malicious binaries by executing them in an isolated environment and observing their behavior without risking the security of the host system. Every sample was executed for 150 seconds, an empirical lower bound on the time required to gather the full behavior of samples. We tried to mitigate evasive checks by running the VMwareCloak script to remove well-known artifacts introduced by VMware. Moreover, we populated the filesystem with documents and other common types of files, to resemble a legitimate desktop workstation that malware may identify as a valuable target. The dynamic analysis output is a detailed report with information on the syscalls invoked by the binary, together with their flags and arguments, as well as all interactions with the file system, registry, network, and other key elements of the operating system. The final dataset contains only the dynamic analysis reports, without the original binaries.
Type Of Material Database/Collection of data 
Year Produced 2024 
Provided To Others? Yes  
Impact Not yet identified. 
URL https://paperswithcode.com/dataset/autorobust
 
Description Adversarial Training for Robust Windows Malware Detection 
Organisation Avast Software s.r.o
Country Czech Republic 
Sector Private 
PI Contribution We provided expertise in the problem-space reformulation of adversarial ML, and adapted it to an explanation-based modification of dynamic analysis reports for Windows. After bypassing an ML component of a commercial antivirus, we developed a hardening method that prevents attacks within a given threat model.
Collaborator Contribution Our partners provided insights into the explainer and multi-instance learning algorithms used in a component of a commercial antivirus, and into the reinforcement learning pattern we integrated with the explainer to harden the ML component for Windows malware detection.
Impact We published a paper at RAID24, and released publicly a dataset of dynamic analysis reports.
Start Year 2023
 
Description Adversarial Training for Robust Windows Malware Detection 
Organisation University of Leuven
Country Belgium 
Sector Academic/University 
PI Contribution We provided expertise in the problem-space reformulation of adversarial ML, and adapted it to an explanation-based modification of dynamic analysis reports for Windows. After bypassing an ML component of a commercial antivirus, we developed a hardening method that prevents attacks within a given threat model.
Collaborator Contribution Our partners provided insights into the explainer and multi-instance learning algorithms used in a component of a commercial antivirus, and into the reinforcement learning pattern we integrated with the explainer to harden the ML component for Windows malware detection.
Impact We published a paper at RAID24, and released publicly a dataset of dynamic analysis reports.
Start Year 2023
 
Description Investigating Limitations on Current Behavior-based Malware Detection 
Organisation Texas A&M University
Country United States 
Sector Academic/University 
PI Contribution We provided our expertise on ML-based malware detection, as well as implications related to concept drift in this domain.
Collaborator Contribution Our partners had access to a dataset of real-world analysis traces, and compared detection effectiveness when training on sandbox-derived dynamic analysis traces, as is commonly done in the security literature. It became clear that sandbox analysis traces are insufficient in most cases to generalize to in-the-wild traces, and the collaboration resulted in a publication that discusses the trade-offs in this scenario and ways forward for the community.
Impact Publication: Yigitcan Kaya, Yizheng Chen, Marcus Botacin, Shoumik Saha, Fabio Pierazzi, Lorenzo Cavallaro, David Wagner, and Tudor Dumitras, "ML-Based Behavioral Malware Detection Is Far From a Solved Problem", in IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2025. Leaderboard website for comparing the effectiveness of different security solutions: malwaredetectioninthewild.github.io
Start Year 2023
 
Description Investigating Limitations on Current Behavior-based Malware Detection 
Organisation University of California, Berkeley
Country United States 
Sector Academic/University 
PI Contribution We provided our expertise on ML-based malware detection, as well as implications related to concept drift in this domain.
Collaborator Contribution Our partners had access to a dataset of real-world analysis traces, and compared detection effectiveness when training on sandbox-derived dynamic analysis traces, as is commonly done in the security literature. It became clear that sandbox analysis traces are insufficient in most cases to generalize to in-the-wild traces, and the collaboration resulted in a publication that discusses the trade-offs in this scenario and ways forward for the community.
Impact Publication: Yigitcan Kaya, Yizheng Chen, Marcus Botacin, Shoumik Saha, Fabio Pierazzi, Lorenzo Cavallaro, David Wagner, and Tudor Dumitras, "ML-Based Behavioral Malware Detection Is Far From a Solved Problem", in IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2025. Leaderboard website for comparing the effectiveness of different security solutions: malwaredetectioninthewild.github.io
Start Year 2023
 
Description Investigating Limitations on Current Behavior-based Malware Detection 
Organisation University of California, Santa Barbara
Country United States 
Sector Academic/University 
PI Contribution We provided our expertise on ML-based malware detection, as well as implications related to concept drift in this domain.
Collaborator Contribution Our partners had access to a dataset of real-world analysis traces, and compared detection effectiveness when training on sandbox-derived dynamic analysis traces, as is commonly done in the security literature. It became clear that sandbox analysis traces are insufficient in most cases to generalize to in-the-wild traces, and the collaboration resulted in a publication that discusses the trade-offs in this scenario and ways forward for the community.
Impact Publication: Yigitcan Kaya, Yizheng Chen, Marcus Botacin, Shoumik Saha, Fabio Pierazzi, Lorenzo Cavallaro, David Wagner, and Tudor Dumitras, "ML-Based Behavioral Malware Detection Is Far From a Solved Problem", in IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2025. Leaderboard website for comparing the effectiveness of different security solutions: malwaredetectioninthewild.github.io
Start Year 2023
 
Description Investigating Limitations on Current Behavior-based Malware Detection 
Organisation University of Maryland, College Park
Country United States 
Sector Academic/University 
PI Contribution We provided our expertise on ML-based malware detection, as well as implications related to concept drift in this domain.
Collaborator Contribution Our partners had access to a dataset of real-world analysis traces, and compared detection effectiveness when training on sandbox-derived dynamic analysis traces, as is commonly done in the security literature. It became clear that sandbox analysis traces are insufficient in most cases to generalize to in-the-wild traces, and the collaboration resulted in a publication that discusses the trade-offs in this scenario and ways forward for the community.
Impact Publication: Yigitcan Kaya, Yizheng Chen, Marcus Botacin, Shoumik Saha, Fabio Pierazzi, Lorenzo Cavallaro, David Wagner, and Tudor Dumitras, "ML-Based Behavioral Malware Detection Is Far From a Solved Problem", in IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2025. Leaderboard website for comparing the effectiveness of different security solutions: malwaredetectioninthewild.github.io
Start Year 2023
 
Description ACSAC - Artifacts Competition and Impact Award Finalists Presentation 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact The prototype for time-aware evaluation of ML classifiers, Tesseract, which we released on GitHub in 2024, was shortlisted as a finalist for the "Artifacts Competition and Impact Award Finalists Presentation" at the ACSAC 2024 conference. The Project Lead, Dr. Fabio Pierazzi, gave a talk at ACSAC presenting the findings and impact of the Tesseract paper connected to this project, in front of the conference attendees, who included academics, Ph.D. students, postgraduate students, and practitioners from industry.
Year(s) Of Engagement Activity 2024
URL https://www.acsac.org/2024/program/artifacts_competition/
 
Description KU Leuven Summer School 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact Invited research presentation at the Ph.D. Summer School on "Security & Privacy in the Age of AI", on bridging the gap between academia and industry by creating more realistic evaluations of ML for systems security and malware detection.
Year(s) Of Engagement Activity 2024
URL https://cybersecurity-research.be/summer-school-on-security-privacy-in-the-age-of-ai-2024