A Comprehensive Study of Cross-domain Adversarial Robustness and Attack Transferability in Image-Based Malware Detection and Classification
Published in Image and Vision Computing Journal (IMAVIS), 2026
Deep learning models have demonstrated competitive performance in many computer vision tasks, such as image-based malware detection and classification. However, evaluating adversarial robustness is critical for their application in real-world scenarios. In this paper, we propose a framework to analyze the adversarial robustness and attack transferability in image-based models for malware detection and classification. Specifically, we adopt a broad spectrum of image-domain attacks to generate adversarial samples and evaluate the model performance drop and the attack success rate. Moreover, we investigate whether adversarial manipulations crafted in the binary domain remain effective after conversion to an image representation. We implement our framework on state-of-the-art models, providing a comprehensive evaluation of their adversarial robustness. Furthermore, we conduct generalization studies to analyze the capabilities of the adopted models under distribution shift. Experimental results reveal high model susceptibility to adversarial attacks, even when originating in the binary domain. To the best of our knowledge, this is the first work to compare a wide range of adversarial attacks on malware models, analyzing the attack transferability across different domains.
Recommended citation: Daidone, Giuseppe and Cirillo, Lorenzo and Querzoni, Leonardo and Amerini, Irene, "A Comprehensive Study of Cross-domain Adversarial Robustness and Attack Transferability in Image-Based Malware Detection and Classification." Available at SSRN: https://ssrn.com/abstract=5960449 or http://dx.doi.org/10.2139/ssrn.5960449
