A Deep Learning-based Fine-grained Hierarchical Learning Approach for Robust Malware Classification

Given the limited scalability of dynamic analysis, static analysis, such as the use of Control Flow Graph (CFG)-based features, is widely used by machine learning algorithms for malware analysis and detection. However, recent studies have shown these approaches are susceptible to adversarial attacks by adding codes to the binaries with an intention to fool detection systems. This study proposes a malware detection system robust to adversarial attacks. We examine the performance of the state-of-the-art methods against adversarial IoT software crafted using the graph embedding and augmentation techniques; namely, we study the robustness of such methods against two black-box adversarial methods, GEA and SGEA, to generate Adversarial Examples (AEs) with reduced overhead, and keeping their practicality intact. Our comprehensive experimentation with GEA-based AEs show the relation between misclassification and the graph size of the injected sample. Upon optimization and with small perturbation, by use of SGEA, all IoT malware samples are misclassified as benign. This highlights the vulnerability of current detection systems under adversarial settings. With the landscape of possible adversarial attacks, we then propose DL-FHMC, a fine-grained hierarchical learning approach for malware detection and classification, that is robust to AEs with a capability to detect 88.52% of the malicious AEs.