Malicious software is one of the most serious cyber threats on the Internet today. Traditional malware detection has proven unable to keep pace with the sheer number of malware because of their growing complexity, new attacks and variants. Most malware implement various metamorphic techniques in order to disguise themselves, therefore preventing successful analysis and thwarting the detection by signature-based anti-malware engines. During the past decade, there has been an increase in the research and deployment of anti-malware engines powered by machine learning, and in particular deep learning, due to their ability to handle huge volumes of malware and generalize to never-before-seen samples. However, there is little research about the vulnerability of these models to adversarial examples. To fill this gap, this paper presents an exhaustive evaluation of the state-of-the-art approaches for malware classification against common metamorphic attacks. Given the limitations found in deep learning approaches, we present a simple architecture that increases 14.95% the classification performance with respect to MalConv’s architecture. Furthermore, the use of the metamorphic techniques to augment the training set is investigated and results show that it significantly improves the classification of malware belonging to families with few samples.

恶意软件是当今Internet上最严重的网络威胁之一。传统的恶意软件检测已经证明，由于其复杂性不断增加，新的攻击和变种，它们无法跟上大量恶意软件的步伐。大多数恶意软件都采用各种变态技术来掩饰自己，因此阻止了成功的分析并阻碍了基于签名的反恶意软件引擎的检测。在过去的十年中，由于机器学习能够处理大量恶意软件并将其推广到前所未有的样本，因此由机器学习（尤其是深度学习）提供支持的反恶意软件引擎的研究和部署有所增加。但是，很少有关于这些模型易受对抗性示例攻击的研究。为了填补这一空白，本文全面评估了针对常见变态攻击的恶意软件分类的最新方法。考虑到深度学习方法的局限性，我们提出了一种简单的体系结构，相对于MalConv的体系结构，分类性能提高了14.95％。此外，研究了使用变质技术来扩充训练集的结果，结果表明，该技术显着改善了样本较少的家庭恶意软件的分类。