Exploiting Windows PE Structure for Adversarial Malware Evasion Attacks

Abstract

The last decade has seen phenomenal growth in the application of machine learning. At this point, it won't be wrong to claim that most technological change is directly or indirectly connected to machine learning. Along with machine learning, cyber-attacks have also bloomed in this period. Machine learning has been a great aid to cybersecurity, but the security of machine learning has not been a topic of attention until recently. Among numerous threats posed to the machine learning community, the Adversarial Evasion attack is the latest menace. The adversarial evasion attack has exposed the vulnerability of the modern deep neural network to a few intentionally perturbed data samples. The adversarial evasion attacks originated from the image domain but have now spread across major application domains of machine learning. This work will discuss the state-of-art adversarial evasion attacks against the Windows PE Malware detectors. The structure of a file plays a significant role in how an adversarial evasion attack can be carried out to a file. We will discuss the robustness and weakness of the Windows PE file structure toward the adversarial evasion approach. We will present the existing approaches to exploiting Windows PE file structure and their limitations. We will also propose a noble way to manipulate Windows PE structure to carry out an adversarial evasion attack.