New Paper Accepted: Certifying Accuracy, Privacy, and Robustness of ML-Based Malware Detection
Our paper entitled Certifying Accuracy, Privacy, and Robustness of ML-Based Malware Detection has been accepted for publication in the journal Springer Nature Computer Science.
In this paper, we extend our work in the paper Lightweight Behavior-Based Malware Detection, where we defined a novel, lightweight ML-based malware detector. We instantiate the certification scheme for ML that we defined in the paper Rethinking Certification for Trustworthy Machine-Learning-Based Applications and apply it to our malware detector, to evaluate whether it satisfies the properties accuracy, privacy, and robustness. We also use the certification scheme to compare the proposed approach against two representative malware detectors from the literature.
The authors of the paper are: Nicola Bena (me), Marco Anisetti, Gabriele Gianini and Claudio Ardagna.
The code used for the certification can be found here, while the code for the malware detector can be found here.
The abstract is below.
Recent advances in artificial intelligence (AI) are radically changing how systems and applications are designed and developed. In this context, new requirements and regulations emerge, such as the AI Act, placing increasing focus on strict non-functional requirements, such as privacy and robustness, and on how they are verified. Certification is considered the most suitable solution for non-functional verification of modern distributed systems, and is increasingly pushed forward in the verification of AI-based applications. In this paper, we present a novel dynamic malware detector driven by the requirements in the AI Act, which goes beyond standard support for high accuracy and also considers privacy and robustness. Privacy aims to limit the need for malware detectors to examine the entire system in depth, which requires administrator-level permissions; robustness refers to the ability to cope with malware mounting evasion attacks to escape detection. We then propose a certification scheme to evaluate non-functional properties of malware detectors, which is used to comparatively evaluate our malware detector and two representative deep-learning solutions in the literature.