Gaining the upper hand against malware

Una-May O’Reilly (MIT), Ian Molloy (IBM Research)


Machine learning can be used to detect and defend against malware, but also to improve attacks, creating an “arms race” between defenders and attackers. Researchers at the MIT-IBM Watson AI Lab plan to stay one step ahead in this race by pitting a state-of-the-art machine learning malware detector against a simulated adversarial component that repeatedly learns how to fool it. By acting as the adversary, they will learn how attacks evolve to evade detection, which will help them craft better detectors. They recently developed a method for generating adversarial examples of malware and used these examples successfully to train deep learning models to recognize them. They also designed a strategy to visualize a model’s response to adversarial training and to examine its global robustness to adversarial attack. Robustness to adversarial attack is an important objective in AI research and a key component of building trusted AI systems. Results of this project could contribute to resources like the Adversarial Robustness Toolbox, an open-source software library that enables rapid crafting and analysis of attack and defense methods for machine learning models, supporting researchers and developers in defending deep neural networks against adversarial attacks.