We use cookies to improve your experience on our site.
AVID-2023-V014
Description
Confusing Antimalware Neural Networks
Details
Cloud storage and computations have become popular platforms for deploying ML malware detectors. In such cases, the features for models are built on users' systems and then sent to cybersecurity company servers. The Kaspersky ML research team explored this gray-box scenario and showed that feature knowledge is enough for an adversarial attack on ML models.
They attacked one of Kaspersky’s antimalware ML models without white-box access to it and successfully evaded detection for most of the adversarially modified malware files.
References
- Confusing Antimalware Neural Networks
- Article, “How to confuse antimalware neural networks. Adversarial attacks and protection”
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0403: Adversarial Example
- Lifecycle stages: L06: Deployment
Affected or Relevant Artifacts
- Developer:
- Deployer: Kaspersky’s Antimalware ML Model
- Artifact Details:
Type Name System Kaspersky’s Antimalware ML Model
Other information
- Vulnerability Class: ATLAS Case Study
- Date Published: 2023-03-31
- Date Last Modified: 2023-03-31
- Version: 0.2
- AVID Entry