How to Train your Antivirus: RL-based Hardening through the Problem-Space

no code implementations • 29 Feb 2024 • Jacopo Cortellazzi, Ilias Tsingenopoulos, Branislav Bošanský, Simone Aonzo, Davy Preuveneers, Wouter Joosen, Fabio Pierazzi, Lorenzo Cavallaro

It also makes possible to provide theoretical guarantees on the robustness of the model against a particular set of adversarial capabilities.

Malware Detection

Unraveling the Key of Machine Learning Solutions for Android Malware Detection

no code implementations • 5 Feb 2024 • Jiahao Liu, Jun Zeng, Fabio Pierazzi, Lorenzo Cavallaro, Zhenkai Liang

Android malware detection serves as the front line against malicious apps.

Android Malware Detection Feature Engineering +1

TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time (Extended Version)

no code implementations • 2 Feb 2024 • Zeliang Kan, Shae McFadden, Daniel Arp, Feargus Pendlebury, Roberto Jordaney, Johannes Kinder, Fabio Pierazzi, Lorenzo Cavallaro

Machine learning (ML) plays a pivotal role in detecting malicious software.

Decision Making Malware Classification

Adversarial Markov Games: On Adaptive Decision-Based Attacks and Defenses

no code implementations • 20 Dec 2023 • Ilias Tsingenopoulos, Vera Rimmer, Davy Preuveneers, Fabio Pierazzi, Lorenzo Cavallaro, Wouter Joosen

To reliably measure robustness, it is important to evaluate against realistic and worst-case attacks.

"Real Attackers Don't Compute Gradients": Bridging the Gap Between Adversarial ML Research and Practice

no code implementations • 29 Dec 2022 • Giovanni Apruzzese, Hyrum S. Anderson, Savino Dambra, David Freeman, Fabio Pierazzi, Kevin A. Roundy

Recent years have seen a proliferation of research on adversarial machine learning.

Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers

no code implementations • 11 Feb 2022 • Limin Yang, Zhi Chen, Jacopo Cortellazzi, Feargus Pendlebury, Kevin Tu, Fabio Pierazzi, Lorenzo Cavallaro, Gang Wang

Empirically, we show that existing backdoor attacks in malware classifiers are still detectable by recent defenses such as MNTD.

Backdoor Attack

Realizable Universal Adversarial Perturbations for Malware

no code implementations • 12 Feb 2021 • Raphael Labaca-Castro, Luis Muñoz-González, Feargus Pendlebury, Gabi Dreo Rodosek, Fabio Pierazzi, Lorenzo Cavallaro

Universal Adversarial Perturbations (UAPs), which identify noisy patterns that generalize across the input space, allow the attacker to greatly scale up the generation of such examples.

Malware Classification

Dos and Don'ts of Machine Learning in Computer Security

no code implementations • 19 Oct 2020 • Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, Konrad Rieck

With the growing processing power of computing systems and the increasing availability of massive datasets, machine learning algorithms have led to major breakthroughs in many different areas.

BIG-bench Machine Learning Computer Security +1

Intriguing Properties of Adversarial ML Attacks in the Problem Space

no code implementations • 5 Nov 2019 • Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, Lorenzo Cavallaro

Second, building on our formalization, we propose a novel problem-space attack on Android malware that overcomes past limitations.

TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time

no code implementations • 20 Jul 2018 • Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, Lorenzo Cavallaro

Is Android malware classification a solved problem?

Active Learning General Classification +1