Feature-Space Bayesian Adversarial Learning Improved Malware Detector Robustness

We present a new algorithm to train robust malware detector. Malware is prolific problem and detectors are front-line defense. Modern rely on machine learning algorithms. Now, the adversarial objective devise alterations code decrease chance of being detected whilst preserving functionality realism malware. Adversarial effective in improving robustness but generating functional realistic samples non-trivial. Because: i) contrast tasks capable using gradient-based feedback, domain without differentiable mapping function from space (malware inputs) feature hard; ii) it difficult ensure functional. This presents challenge for developing scalable algorithms large datasets at production or commercial scale realize detectors. propose an alternative; perform space. prove projection perturbed, yet valid malware, into will always be subset adversarials generated Hence, by network against feature-space examples, we inherently achieve problem-space examples. formulate Bayesian that captures distribution models improved robustness. To explain algorithm, our method bounds difference between risk empirical improves show neural networks (BNNs) state-of-the-art results; especially False Positive Rate (FPR) regime. Adversarially trained BNNs Notably, adversarially stronger attacks with larger attack budgets margin up 15% recent production-scale dataset more than 20 million samples. Importantly, efforts create benchmark future defenses domain.