Home » Database



Confusing Antimalware Neural Networks


Cloud storage and computations have become popular platforms for deploying ML malware detectors. In such cases, the features for models are built on users' systems and then sent to cybersecurity company servers. The Kaspersky ML research team explored this gray-box scenario and showed that feature knowledge is enough for an adversarial attack on ML models.

They attacked one of Kaspersky’s antimalware ML models without white-box access to it and successfully evaded detection for most of the adversarially modified malware files.


AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0403: Adversarial Example
  • Lifecycle stages: L06: Deployment

Affected or Relevant Artifacts

  • Developer:
  • Deployer: Kaspersky’s Antimalware ML Model
  • Artifact Details:
    SystemKaspersky’s Antimalware ML Model

Other information

  • Vulnerability Class: ATLAS Case Study
  • Date Published: 2023-03-31
  • Date Last Modified: 2023-03-31
  • Version: 0.2
  • AVID Entry