Full text
71,586 characters
· extracted from
preprint-html
· click to expand
An Empirical Study on the Effectiveness of Adversarial Examples in Window PE Malware Detection Model | Authorea try { document.documentElement.classList.add('js'); } catch (e) { } var _gaq = _gaq || []; _gaq.push(['_setAccount', 'G-8VDV14Y67G']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Skip to main content Preprints Collections Wiley Open Research IET Open Research Ecological Society of Japan All Collections About About Authorea FAQs Contact Us Quick Search anywhere Search for preprint articles, keywords, etc. Search Search ADVANCED SEARCH SCROLL This is a preprint and has not been peer reviewed. Data may be preliminary. 12 March 2025 V1 Latest version Share on An Empirical Study on the Effectiveness of Adversarial Examples in Window PE Malware Detection Model Authors : Manju Dhull1 0000-0001-6129-7475 [email protected] and Chhavi Rana2 Authors Info & Affiliations https://doi.org/10.22541/au.174175774.46200982/v1 761 views 244 downloads Contents Abstract Information & Authors Metrics & Citations View Options References Figures Tables Media Share Abstract Malware detection is an important part of cybersecurity that concentrates on detecting and eliminating harmful software intended to harm computer systems or data. Early conventional Malware detection technologies that depend on recognized malware patterns have limitations in recognizing code obfuscation with dynamically increasing threats. Recent research has shown that current Machine Learning (ML) Techniques are highly effective at identifying newly discovered and previously unknown malware which are more vulnerable in terms of adversarial examples. These examples are intentionally created by making tiny and deliber- ate modifications to authentic inputs to cause the models to act incorrectly. To tackle this issue, the study is centred on improving the resilience of models by employing quality of datasets and adversarial training techniques. This System- atic Literature Review (SLR) addresses malware detection with the file format of Portable Executable (PE) belongs to the family of Window Operating System by examining 50 Scientific Papers selected from various Publications present in Scopus Database. It provides the classification on Windows PE features, various Datasets, basic framework of the Malware detection model and ML and DL algo- rithms along with survey of evaluation Metrics. The main contribution of this paper is to find the problem and research gaps in this area of interest. Finally, the paper conclude with the future directions and opportunities. An Empirical Study on the Effectiveness of Adversarial Examples in Window PE Malware Detection Model Manju Dhull1,2* and Chhavi Rana2,3 1*Computer science and engineering (UIET), Maharshi Dayanand University, Rohtak, 124001, Haryana, India. 1*Information Technology, Maharaja Surajmal Institute of Technology, Janakpuri, 110058, Delhi, India. 2*Computer science and engineering (UIET), Maharshi Dayanand University, Rohtak, 124001, Haryana, India. *Corresponding author(s). E-mail(s): [email protected] ; Contributing authors: [email protected] ; Abstract Malware detection is an important part of cybersecurity that concentrates on detecting and eliminating harmful software intended to harm computer systems or data. Early conventional Malware detection technologies that depend on recognized malware patterns have limitations in recognizing code obfuscation with dynamically increasing threats. Recent research has shown that current Machine Learning (ML) Techniques are highly effective at identifying newly discovered and previously unknown malware which are more vulnerable in terms of adversarial examples. These examples are intentionally created by making tiny and deliber- ate modifications to authentic inputs to cause the models to act incorrectly. To tackle this issue, the study is centred on improving the resilience of models by employing quality of datasets and adversarial training techniques. This System- atic Literature Review (SLR) addresses malware detection with the file format of Portable Executable (PE) belongs to the family of Window Operating System by examining 50 Scientific Papers selected from various Publications present in Scopus Database. It provides the classification on Windows PE features, various Datasets, basic framework of the Malware detection model and ML and DL algo- rithms along with survey of evaluation Metrics. The main contribution of this paper is to find the problem and research gaps in this area of interest. Finally, the paper conclude with the future directions and opportunities. Keywords: Machine learning, Deep Learning, Adversarial Examples, Malware detection, Portable Executable Introduction Due to the rapid advancements and creativity in information technology, computer systems have become essential and pervasive in our everyday life. With increasing the advancement in Technologies cyberattacks are also increasing rapidly which harm the computer system with adverse goals, such as causing damage to computers or obtain- ing economic advantage. [69][59] Malware is an abbreviation for malicious software it plays a vital role in cyberattacks. It is a prevalent and potent method attackers employ to engage in destructive actions within computer systems. These activities include unauthorized theft of valuable information, compromising the entire system, and demanding a substantial attack. Malware can affect different operating systems, including Windows, Linux, macOS, and Android, and can come in various file for- mats such as PE, ELF, Mach-O, APK, and PDF. However, this paper specifically focuses on Windows PE malware because of two main reasons. Research Indicates no one gives all type of malware detection solutions, thus this paper focuses on the procedures used for analysing malware PE Files, as detection methods is very signifi- cant when it comes to Windows PE files[77][56]. Other reason to focus on PE files Malware detection is that Window OS used worldwide and can be helpful for many users. Acc to the statistics of AV Test as shown in Figure 1. Majority of Window OS users exists in Market. Fig. 1 OS malware visualization The malware began in 1986, when the first known malware, dubbed Brain, was created. The malware rapidly spread via computer networks, infecting millions of devices. Similar Statistics were reported by AV -Test which shows the graph of evolution of malware from 2008-2024 in Figure 2. This was a period of significant growth in malware and computerized systems development. In the present day, the increasing number of digital and smart gadgets has led to a rise in the creation of new malware.[13][73] These malicious software programs are designed to undermine the security of devices and facilitate the theft of sensitive information which were used to detect using various techniques Fig. 2 As per AV-Test Growth of Malware from 2008-2024 Previously malware were detected using Signature pattern matching. These sig- natures might consist of cryptographic hashes, opcode and byte patterns. This type of analysis is very slow and not so accurate, known as static analysis which is also discussed in section 2 of Malware Analysis. It detects the code without actually run- ning it. It is achieved by reverse engineering of extracted characteristics, which is called Static Analysis. Limitation of static analysis is its inability to identify newly developed signatures or emerging malware or widespread use of obfuscation [75]. The limitations of the static analysis is resolved by the dynamic analysis methods were designed to monitor the runtime characteristics of the software. The dynamic analy- sis procedure is conducted within a virtual environment utilizing the cuckoo sandbox tool to extract the concealed patterns of programs. The text describes the process of deciphering and analyzing the hidden and complex behaviours that occur while run- ning applications containing malicious files. Nevertheless, dynamic analysis can not be impacted by obfuscation but can be poor in detecting zero-day malware due to the overlapping nature of characteristics. Researchers have developed a hybrid analytic technique for malware detection to address these issues, combining static and dynamic analysis. Hybrid analysis is highly successful in detecting malicious behaviour in com- puters and smart devices [77][75][70]. Over time, the increase of malware is rapidly expanding. Thus Finding malware using traditional methods such as signature pat- tern matching, rule-based, opcode-based, graph-based, and entropy-based approaches is challenging. At present, there has been a movement in patterns towards the use of artificial intelligence for detecting malware. Therefore, to address these problems and difficulties in detecting advanced malware, researchers have discovered the potential of machine learning (ML) and deep learning (DL) approaches. They have designed a malware detection framework to identify modified malware variations. Within the realm of literature, many frameworks that utilize machine learning (ML) have been referenced [5]. The ML models operate by utilizing training and testing datasets. The classification method must be taught through the training dataset when the classifier has been properly trained. Subsequently, the new dataset was employed to evaluate the accuracy of predicting the target class. Overall, these two parameters impact the predictive power of classifiers [70] . ML classifiers are widely used to detect malware. Every classifier possesses its own advantages and constraints. The performance of a machine learning classifier is also influenced by the quality of the features used or the selection of optimum features. Instead of these techniques with the advancement of machine learning threats have been also modified to misguide the machines known as Adversarial Threats further explained in detail in section 3. These modified attacks pose a threat to the security of machine learning models [72]. Adversarial examples are intentionally crafted inputs that attackers construct to purposefully cause a machine learning model to make incorrect predictions. Adversarial machine learning is a disci- pline focused on the study of deliberate attacks on machine learning algorithms and the development of countermeasures to protect against these attacks[68]. Malware detection involves a constant competition between defenders and malware authors, where both sides strive to create innovative and efficient methods to outsmart one other. Every detection method possesses unique benefits and drawbacks. Under different circumstances, one approach may be more effective than another. Hence, the development of a reliable malware detection technique is an exceedingly difficult undertaking, requiring the need for novel research and methodologies [11,12,13,14]. The efficacy of ML models is dependent upon the fundamental assumptions that training and testing occur within comparable conditions and that samples from both phases are utilized. The datasets adhere to an independent and identical distribution. This assumption is extremely simplified and, in numerous instances, does not remain valid for real- world scenarios where adversaries manipulate the ML models to produce incorrect predictions (i.e. adversarial assaults). Furthermore, among conventional risks such as malware intrusion This paper consists of the following sections shows in Figure 3: Motivation and Contribution of this Survey Objectives We begin our survey with the introduction as discussed in section 1. this is Section 2 of the survey which primary objective is to perform a systematic review (SLR) of research studies that specifically address adversarial machine learning in the field of Fig. 3 Road-map of Complete paper malware detection. To be more precise, This study provides the background of mal- ware, techniques, datasets, and taxonomy of malware analysis. The goal is to give an extensive knowledge of feature selection techniques and comparative analysis, and evaluation of other ML Models. It Presents the main shortcomings and research gaps to guide future work on using machine learning and AI for effective malware protec- tion. It Discuss the source of different malware dataset used in the literature survey. Most of the surveys on malware detection were conducted in different domains like few have focused on image Classification, adversarial generation methods for image and anomaly detection etc. Many of the surveys not only focused on a particular domain, but also included a broad range of domains including image, text, graph, incursion, spam, and malware. Many of the surveys as discussed below has limited search on Adversarial example malware detection. So due to the lack of research on adversarial examples and detection systems on adversarial attacks, it motivates us to Conduct a comprehensive investigation on adversarial evasion attacks against malware. Windows PE structure Windows has established the Portable Executable (PE) specification. It explains how Windows executable files are structured. PE executables are divided into numerous sections, including code and data sections that the program will use directly when Fig. 4 Classification of Malware detection based on ML running. Other sections, like the one on relocation, are also included. Although the operating system requires these portions for the executable to function properly, they are not directly used during execution[68]. The construction of a PE executable is depicted in Figure 5. The DOS header, which is present in the first few hundred bytes of a PE purely for legacy support, is unnecessary. The PE header comes after the DOS stub and has three fields. It begins with a signature, which is ”PE” in ASCII. The IMAGE FILE HEADER structure, which holds only the most fundamental details about the file, comes next. Following that is the IMAGE OPTION HEADER structure, which also gives the metadata for the file.Then there is PE header which has an index of the PE file. There are several parts that follow the section table, and each of those sections has an item in the section table. A pointer to the start of the matching section in the PE is present in each entry of the Section table[67][65]. 1. The executable’s machine code is in the.text section. 2. The. data section contains all initialized data, including string literals, static variables, and global variables. 3. Information on the functions imported from other executables and runtime libraries is provided in the. idata section. In addition to the sections already mentioned, other sections are unimportant from the perspective of this work, such as the. edata section, which has the details for exported functions, the.bss section con- tains information for all static and global variables, the. loc section, which contains information about relocation used by the loader. [66][62]. Fig. 5 PE executable structure Effects of Malware Malicious software can have significant effects on personal as well as business. The effects depend on types of malware and the intention of the attackers. Nowadays adversarial attacks are intentionally created to mistrust machines and autonomous systems. Here we have addressed some common effects below. For both individuals and companies, malicious software, or malware, can have serious effects that range from operational interruptions to data theft and financial loss. Sensitive data, including login passwords, financial information, and personal identities, can be stolen by malware, which frequently results in identity theft or fraud. Through ransomware demands or unauthorised access to banking systems, it can potentially result in financial harm. Operationally, malware may slow down oper- ations, break systems, and reduce productivity. Some forms are meant to destroy important data, making recovery challenging. Malware may record keystrokes, track internet activity, and infiltrate private areas like cameras and microphones, raising seri- ous concerns about privacy infringement. These dangers highlight how crucial robust cybersecurity is to reducing the hazards brought on by malware[58][54]. Malware Analysis Malware analysis is a methodical investigation of malicious software to understand its behaviour, operation, and impact on a computer system. By analysing malware, security experts can develop effective countermeasures and improve their ability to recognize and mitigate dangers. The study of malware is typically categorized into two main approaches: static and dynamic[52][51]. Static analysis It is scrutinizing an application for hazardous patterns without actually execut- ing it. The data files or programs are decrypted and disassembled to convert them into feature vectors. Feature vectors provide a comprehensive representation of the essential attributes and structural elements of the file, which may encompass the presence of detrimental patterns. Anti-malware programs detect harmful patterns by assessing specific feature vectors. Conventional malware detectors utilize a detection mechanism that relies on signatures[48] [47]. These detectors are supplied with a com- prehensive database of malware signatures, which are patterns of malicious code. The file under suspicion is decrypted and its extracted static attributes are compared to the stored viral signatures. Malicious software variants possess the capability to effortlessly undermine conventional anti-malware technologies Adversarial attacks and obfuscation methods can exploit vulnerabilities in static analysis. Static Analysis can performed by analyzing File Meta Inspection, PE File Analysis, Opcode and Assembly Code Analysis, Hashing and signature Matching etc[46]. Dynamic Analysis Dynamic analysis involves executing the program in a controlled virtual environment to examine its dynamic activity and detect any potential harmful patterns. Dynamic analysis commonly employs function call monitoring, dynamic visual analysis, and instruction tracing as approaches. Dynamic analysis is commonly done by utilizing a sandbox. Researchers have integrated static and dynamic analysis methods to identify malware Fig. 6 Basic workflow for dynamic Malware Detection Behavioral Monitoring, 2. API Call Tracing, Sandboxing, Network Traffic Anal- ysis etc [42][45]. Security violation performed by malware All of the bad things that hackers want to do are done by malware once it gets into a system or server without permission. An enormous number of bad things can be done, and the threats can breach or weaken existing organizational principles of security including availability, integrity, and confidentiality of data. Malware attacks specifically [38]contravene the following security principles: reading of data without permission is an example of a breach of confidentiality. • Breach of integrity: This crime includes changing data without permission. • Breach of access means that data was deleted without permission. • Theft of service is when resources are used without permission. • Denial of service means stopping people who are supposed to be using the system from doing so. As was already said, these kinds of strikes can happen by chance.[74][61][10] • Process of Malware Detection System In an era of cybersecurity, where malware attacks were exceedingly rare, basic detection mechanisms such as pre-filtering rules that were manually defined were sufficient to identify the majority of malware varieties. However, the exponential growth of Internet applications led to a substantial increase in malware attacks, making the manual creation of detection criteria for individual malware instances unfeasible or impracticable. Thus, the need for new advanced safety precautions arose[40][20][8] ML and DL algorithms are critical in protecting contemporary cyber infrastruc- tures as they are capable of resolving malware detection tasks involving supervised learning (learning from labelled data) semi-supervised learning (learning from a small number of labeled data and a large amount of unlabelled data) and unsupervised learning (learning from unlabelled data)[39][36]. Fig. 7 Malware Detection Life cycle based on Machine Learning An additional classification of machine learning algorithms, reinforcement learning emphasizes the utilization of software agents to execute decisions within a given envi- ronment. Its application has extended to the detection of malware. We describe the procedures for developing malware detection techniques[35]. Acquiring samples—In this phase, malicious and benign samples are gathered for the experiment. Malware samples are available from reputable public repositories such as VirusTotal, whereas benign Malware samples can be obtained from online sources like the CNET site[34] The process of establishing the analysis of the malware environment, analyzing the collected samples/programs, and extracting raw features that serve as representations of benign and malicious software occurs during this phase. The methodology for mal- ware analysis is elaborated upon in Section 2.4. whereas Figure 7. shows the process of malware detection model life cycle using machine learning[33][32] Steps for Building ML based Malware Detection Techniques The process of identifying malware examples requires the implementation of many sequential procedures. Malware detection methods are specialised systems that aim to ascertain if a file, programmed code, or infected URL has harmful intent or not. Machine learning (ML) and deep learning (DL) techniques are primarily utilised in constructing these systems and are an essential component of contemporary malware detection systems. Hence, the subsequent sections outline the primary process for identify malware in various Phases[30][29] . The framework of ML based malware detection systems is illustrated in Figure 7. Sample Collection This phase involves collecting malware and benign samples to be used in the experiment. Benign samples can be acquired from internet-free sources such as the CNET site, ransomware or viruses. Analyzing samples and extracting features—At this step, the analysis environment is established, gathered samples/programs are analyzed, and raw characteristics are extracted to represent both benign and malicious. Section 2.4 presents the specific methods used for analyzing malware, while Data pre-processing [29][28] In this stage, the raw dataset in form of APIs obtained in step 2 is cleaned to eliminate repet- itive APIs, and other undesirable data because programs often call the same APIs frequently while executing loops or conducting file-related tasks. To enhance perfor- mance, we eliminate repetitive call subsequences that are deemed unnecessary and retain just the most distinctive characteristics. At this level, machine learning algo- rithms construct numerical data representation. This yields a commendable feature representation, which is next subjected to scaling and feature selection in order to construct machine learning (ML) based approaches for detecting malware[25][33][23]. Data scaling and feature engineering In this section, the featured set output of the third phase is inputted into the next phase that is data scaling module, which adjusts the data to ensure that values are within the same range when needed. After- wards, the feature set is scaled and then sent to the feature engineering module. This module is used to create new features from the existing one by combining or trans- forming methods to choose the most relevant features[22][26]. The data is divided into two parts: one piece is utilized for training the detection approach, while the remain- ing half is allocated for testing. The Feature selection part of the model is also known as the dimensionality reduction of features[21][18]. Training the model In this phase, the machine learning (ML) model undergoes training using the provided training set. The malware detection model is trained using a combination of selected features of both malware and benign samples. The modi- fication of parameters during training is an important stage to improve the model’s performance[12][54][7]. Fig. 8 Overview of Machine learning based malware Recognition system Testing the model In this phase, ML model testing is the evaluation of the perfor- mance of a fully trained model on a separate testing set. The detection model is tested using previous unknown samples from the test set. It shows the effectiveness of model during training. Once the model’s performance is deemed sufficient, it undergoes val- idation before being deployed to the production environment. The performance may be assessed by quantifying certain measures that are essential for verifying the detec- tion approach. Detailed information on these metrics can be found in Section 9.[4][55] Deploying and monitoring the model Once the trained model has undergone testing with new data set, it is later deployed in the production environment to pro- tect end users’ devices against malware attacks. The deployed models will undergo continuous monitoring to identify any signs of errors or decline in performance over time. Monitoring is crucial for validating the effectiveness of recently deployed malware detection algorithms in real-world situations. [12][13]. Challenges Traditional analysis techniques face various challenges in identifying malware due to volatilities in the features of data. Here it presents various challenges that were faced by the researchers in past years. The proposed technique, Adversarial Malware detection, addressed all the previously noted difficulties. Sandbox evasion is a dynamic analysis technique used by malware to detect whether it is running in a controlled, isolated environment (a sandbox) and alter its behavior to appear benign or dormant. Overcoming sandbox evasion is crucial for effective malware detection. Here are some strategies and techniques to address this limitation: By employing a combination of these strategies, security professionals can enhance the effectiveness of their malware detection models and better counter sandbox evasion techniques used by malware. Table 1. Malware Detection Challenges Overview Exponential Malware Proliferation The rapid evolution of adversarial Examples with the advancement of Technologies Conventional Malware detection models are not able to detect Adversaries Data sets Issues Unbalanced datasets leading to biased detection models. Availability of limited adversarial samples and their dynamic behavior Transfer Learn- ing Need for expertise in tailoring machine learning models for malware detection Transfer learning leverages pre-trained deep learning models on large image datasets (e.g., over 10 million images) to create more accurate malware detectors without requiring complex feature engineering or domain-specific knowl- edge. PE File Analy- sis Complexity of Win- dows PE format and large variety of possible modifications To understand the structure and operation of malware, one might examine Portable Exe- cutable (PE) files to find sections, imports, exports, and headers. String Extrac- tion Large data volume and false positives Searching for readable strings in the malware (e.g., IP addresses, file paths, API calls) to identify clues about the malware’s behaviour. Hardware and Software Diversification: Variety of Hardware and Software Use a variety of hardware and software config- urations across different sandboxes to avoid a single recognizable pattern that malware can detect. User Interaction Simulation Volatile interaction environment Simulate user interactions such as mouse movements and keystrokes within the sandbox to create a more lifelike environment and pre- vent malware from detecting inactivity. Continuous Monitoring and Adapta- tion Difficult to monitor dynamic behavior of malware Continuously monitor emerging evasion tech- niques and adapt the sandbox environment to stay ahead of evolving threats. AI-Generated Attacks Security in AI models Generative AI in cyber offense Methodologies for conduction SLR in this work In this section, we have outlined an approach to do a systematic literature review (SLR) on the topic of malware detection in adversarial examples. The SLR process is illustrated in Figure 8 and consists of three primary steps, which are explained below[2]. As Discussed in Section 1 (Introduction) The objective of this study is to critically examine the most advanced and current research on the detection of malicious soft- ware specifically designed for Windows operating systems. This study consolidates the information from previous studies to get a deeper understanding of different aspects of malware detection and to pinpoint potential areas of research that might be explored in the future. This systematic literature review (SLR) study especially intends to inves- tigate the research issues outlined in Section 2. The review procedure for this study is: Fig. 9 Systematic Literature Review on Malware detection Model as follows: It utilized the systematic literature review methodology to investigate malware detec- tion. The SLR conducted in this study is a comprehensive and exhaustive analysis of existing literature. It focuses on addressing particular inquiries related to the detec- tion of malware in Windows. Every article that is examined is carefully chosen and evaluated according to a certain set of criteria. More precisely, we established precise procedures and criteria for searching and selecting articles, as well as evaluating their quality. This enabled us to find the most exceptional publications and address the specific problems outlined in this study. The rules and criteria are explained in detail in the second part of the process Formulating Research Questions 1. What are the different kinds of malware detection techniques and their deployment approaches? 2. What public data and functions are used to find malware in systems? 3. Which forms of algorithms for machine learning are most often used to find malware attacks? 4. What are the current examination criteria for judging how well malware detection methods work? 5. What are the critical experimental factors/biases in ML-based techniques for detecting malware? 6. What are the research challenges in Windows malware analysis and detection? Adversarial Model Adversarial Knowledge We have discussed various types of traditional attacks and its detection strategies in above section. But as the intelligent attacks gained popularity in a few years known as the Adversarial attacks. Adversarial Machine Learning (AML) attacks might possibly target the machine learning models developed for threat detection. Small per- turbations bring about uncertainty in the decision limits of supervised learning models to the original data, which leads to incorrect classifications and worse model perfor- mance. When uncommon occurrences are classified as insider threats and the data exhibits a highly skewed class distribution, the problem becomes severe[1]. According to conventional definitions, an adversarial example is a data that has been deliberately altered to confuse the classifier. this has been an issue of dispute in machine learn- ing and robust optimization research. Because Adversarial training has been popular in several areas, particularly in the field of computer vision, as one of the potential defense mechanisms. Adversarial robustness refers to the capacity of a learning model to effectively handle adversarial samples, which are specifically designed to deceive the model. Figure 10. Shows how adversarial attacks can cheat a machine learning models Fig. 10 How traditional Model can Bypass the adversarial Example? Adversarial Algorithm In this section, we will examine the main adversarial attack methods that have been identified in many fields and are utilized to create adversarial malware samples. Various algorithms are created within different time frames, aiming to balance the trade-off between application domain, performance, computational efficiency, and complexity. We will analyze the structure, execution, and difficulties encountered in each algorithm. The majority of attack algorithms utilize gradient-based methods, in which perturbations are generated by maximizing distance metrics between the original and perturbed samples. Fig. 11 Adversarial Algorithms Ensemble Method Employing various detection algorithms inside ensemble frameworks might improve resilience against adversarial assaults. By aggregating the results of several models or employing methods such as model stacking, the system enhances its resistance against assaults that may potentially exploit weaknesses in any one model. Fast Gradient Sign Method (FGSM) The Fast Gradient Sign Method (FGSM) is a fundamental approach in the field of adversarial machine learning. It is commonly employed to create adversarial instances that reveal weaknesses in deep learning models utilized for tasks such as malware detec- tion. The simplicity and efficiency of the method highlight the continuous difficulties in protecting AI systems against hostile manipulation[71][60]. Iterative Gradient Sign Method (IGSM) The Iterative Gradient Sign Method (IGSM) is an extension of the Fast Gradient Sign Method (FGSM) used for crafting adversarial examples. While FGSM generates adversarial examples in a single step by perturbing the input data based on the sign of the gradient of the loss function, IGSM iteratively applies this perturbation multiple times to enhance the effectiveness of the attack[2][1]. Limited-memory Broyden - Fletcher - Goldfarb -Shanno (L-BFGS) The Limited-memory Broyden-Fletcher-Goldfarb-Shanno (L-BFGS) algorithm is an optimization algorithm used for solving unconstrained and bound-constrained opti- mization problems. It belongs to the family of quasi-Newton methods, specifically designed for problems where the objective function and its gradients can be computed efficiently[64][41]. Jacobian Saliency Map Attack (JSMA) The Jacobian Saliency Map Attack (JSMA) is a technique used to craft adversarial examples specifically targeting neural networks. It exploits the gradients of the neural network’s output for its input to identify and perturb features that maximize the probability of classifications. Literature Survey This section provides a literature review of the FS approaches employed in the development of malware detection systems. Malware detection using machine learning techniques has gained significant attention in recent years due to the increasing complexity and volume of malware threats. Researchers have explored various machine learning methods, including deep learning, convolution neural networks, reinforcement learning, and ensemble techniques, to enhance malware detection systems. The authors conducted a comprehensive analysis on the recognition and classification of malware using deep neural networks. Their concentration was on a range of advanced deep learning models specifically designed for Android. The study examined the ways in which various deep network designs aid in the identification or categorization of various malware. They evaluated many advanced neural models, including Fully Connected Networks (FCN), Recurrent Neural Networks (RNN), Long Short-Term Memory (LSTM), Convolutional Neural Networks (CNN), Deep Belief Networks (DBN), and Auto-encoders (AE). Additional diverse networks, such as the combination of convolutional neural network (CNN) and denoising autoencoder (DAE), multimodal neural network, multi-view neural network, etc A comparison was conducted on several machine learning-based detection methods, considering the types of analysis, feature selection method(s), gathered features, dataset utilized, and ML classification technique and potential achievement technique. The literature did not address deep learning-based techniques [28][28]. This study provides a brief overview of the advanced strategies for detecting malware using machine learning that have been suggested in recent years. Below Tables present a concise overview of the previous studies that were considered in this assessment. The techniques are classified according to the following criteria: • Analysis: refers to the category of features (static, dynamic, or hybrid) utilized for training the ML model. Static features refer to the characteristics that are obtained from malware executables without executing them. The virus is executed in order to gather dynamic characteristics. The hybrid qualities encompass both static and dynamic characteristics. • Features: denotes the characteristics that are taken into account in the detection method. The term ”deep learning technique” refers to the specific methods and algorithms employed in the detection strategy, which may include extra-performance algorithms. • Detection Classification: Please indicate if the suggested approach is for detecting malware, classifying malware families, or both [76][31]. • Platform: refers to the specific operating system or environment, such as Android, Windows, or IoT, on which the detection technique is intended to be used. • Constraints: determine the constraint(s) of the proposed detection methodology • Survey on Android Malware Detection Ahsan, Wajahat et. al [69] proposed a Hybrid ConvLSTM model that achieves 0.99 accuracies in Android malware detection and Integrates CNN and LSTM for spatial and temporal feature extraction. Fatima et. al [77] proposed ML algorithms for Android malware detection and classification, reviewed and also designed SigPID and risky permission detection methods compared for efficiency. Laura et al. [75] proposed advanced XAI (Explainable AI) techniques applied to ML-based Android malware detection systems which focus on understanding black box models for malware detection. R. Kuchipudi et. al [34] presented an Ensemble learning model for Android malware detection it is only a detection model. It doesn’t work a classifier. Taher, F et. al [65] proposed a Hybrid analysis approach combining static and dynamic malware analysis it gives more accuracy as compared to static analysis. Li et al. [66]Proposed a defense technique consisting of six principles aimed at strengthening the resilience of neural networks against adversarial attacks. The framework employs the ensemble learning methodology, wherein a collection of neural network classifiers is trained and tested using grey-box and white-box assaults, achieving accuracies of 98 percent and 89 percent respectively. Table 2 Summery of Machine Learning-based malware detection technique for Androids [9] Bostani et al 2024 SVM, Mammaloid Random Search(RS) for moving malware sample in prob- lem space applying sequence of transformation in action set Automated Software Transplantation Tech- nique to prepare action set which includes gad- gets extracted from benign Android apps, APKs with increase of adver- sarial size, adversarial detection decreases [69] Ahsan, Waja- hat et. al 2023 Hybrid The paper proposes a hybrid deep learning- based approach using Convolutional Neu- ral Networks (CNN) and Long Short-Term Memory (LSTM). CNN + LSTM Unbalanced datasets can mislead training algorithms during clas- sification. [65] Fatima et al 2023 Hybrid SigPID and risky permission detection methods compared for efficiency SigPID obfuscation methods are complex.Static analysis alone cannot detect modern mal- ware. [35] Laura et al 2023 Black Box XAI techniques applied to ML-based Android malware detection sys- tems Ensemble learning SVM, Random Forest, KNN Lack of understanding of how machine learn- ing models make deci- sions Lack of account- ability and trust in the decisions made. [34] Kuchipudi et al 2023 Stack Classifier Ensemble learning model for Android malware detection Ensemble Method Limited discussion on specific types of Android malware. Lack of comparison with other malware detec-tion methods [66] Taher et al 2023 Hybrid Hybrid approach analysis combining static and dynamic malware analysis Hybrid Method Manual methods of malware detection are increasingly ineffec- tive. Static malware analysis alone [48] Ozsoy et al 2016 Dynamic instruction mixes, memory address pat- terns, architectural events LR + MLP + HMD Hardware features can only describe some parts of program’s behavior [36] 2021 Static hardware access, per- missions, components, API Calls MLP + Ensemble AE In real scenarios, an adversary mostly has zero knowledge about the target malware detection- tors. [24] Grosse et al 2017 Static Analysis, Feed forward neural Net- work Binary Feature Vector extraction Gradient-Based perturbation Generation not work for maxi- mum feature space per- perturbation [76] Yang et al 2017 Semantic analysis Binary Feature Vector extraction KNN, SVM, DREBIN Higher failure rate in alteration of semantic learning [37] Liu et al 2019 Hybrid logistic Regression Restricted permission modification on Android file Perturbation generate using Genetic algorithm, Random forest algorithm used for features extraction Random perturbation affecting convergence Malware detection in Windows Most of the detection performed on Windows-based systems uses various machine learning and deep learning techniques which work on the features of PE header files, metadata information, file size, string, opcode, API calls etc. Amer et al. [3] The paper presents an unsupervised malware detection system for Windows using LSTM autoencoder, outperforming CNN, RNN, and LSTM in precision, recall, and F1-measure. Nelson et al. [43] presented a genetic LightGBM algorithm that demonstrates high effectiveness and efficiency in detecting Windows malware, achieving 99.80 percent training accuracy and quick prediction times of 0.08 for the binary class. Nelson et al.[44] This paper presents an efficient Windows malware detection model using XceptionCNN and LightGBM algorithm, achieving 100 percent classification accuracy with reduced prediction and training times. P. Awwal et al. [6] This paper proposes an optimized Attention-based LSTM-GRU model for malware detection in Windows, utilizing FDA for feature selection and EHO for parameter optimization, demonstrating efficient performance. Yakura et al. [75] Introduced a detection approach utilizing Convolutional Neural Networks (CNN) and Attention Mechanism. The attention mechanism is a notion in deep learning that selectively concentrates on certain portions of input data or pictures, facilitating the automated identification of pertinent patterns. The attention map illustrates the areas that are more important for categorization. This approach is capable of processing obfuscated codes as well[50]. However, this approach is susceptible to targeted obfuscated malware deliberately designed to overcome the approach. Table 3. Summery of Machine Learning-based malware detection technique for window [54] Amer et al 2022 Static and Dynamic API Calls, Precision, Recall LSTM autoencoder RNN, LSTM CNN, Complex to implement hybrid mode [46] Ononja et al 2022 Dynamic Binary Class Applied genetic LightGBM, algorithm for efficiency and effectiveness Study did not compute training time, detection time, classification accuracy. No mention of limitations specific to LightGBM algorithm. [13] Nelson et al 2022 Dynamic PE Files Hybrid Model of Exception CNN and LightGBM algorithm The performance of the generic LightGBM algorithm can be improved. The model needs improvement in accuracy and performance on larger samples. Awwal et al . 2022 Dynamic API Calls LSTM-GRU, PDA for Feature selection Malware writers use polymorphic, hiding, and zero-day attacks. Commercial anti-spyware relies on signature-based matching for malware detection Yakura 2018 Static image based Images of executable binaries CNN Specific intentionally obfuscated malware can evade detection Catak et al. 2022 Static analysis API Calls Mul-LSTM No consideration for functionality Deniz et al 2022 PE files Text based analysis General language and domain specific Model Bidirectional LSTM and Pretrained Transformer Based GPT-2 Accuracy is very low Chen et al. 2017 Dynamic analysis Secure learning paradigam with the input of API calls Sec Defender learning classifier Modification among API’s break the execution Kolosnjaji et al 2018 Binary analysis Bytes are padded only at the end of the file Gradient descent approach Optimizing byte at a time using gradient descent Demetrio et al 2019 Explainable AI Changing bytes of file Header Perturbation generation using Gradient based approach MZ magic number and offset at 0x3C are not modified suciu et al Hybrid approach padding bytes at the end and compare different strategies Compare different strategies & Random, gradient-based and fast gradient perturbation Updates only at the end or in slack regions palsa et al 2022 Static and Dynamic Analysis PE header based malware detection Random forest algorithm cuckoo sandbox works on limited features areeba et al 2019 Dynamic analysis Feature selection and classifiers Genetic Algorithm Random Forest does not support feature modifications Malware Detection Based on Adversarial Examples Machine learning-based malware detection models are susceptible to adversarial attacks, where small modifications might result in false positives. In response, researchers have put forth a number of defense strategies, including ensemble learning frameworks and adversarial training, to strengthen model resilience against adver- sarial cases in Windows malware detection. Furthermore, in order to demonstrate the vulnerability of machine learning models in malware detection systems, the use of reinforcement learning methods has been investigated to produce adversarial mal- ware instances. Moreover, innovative techniques for avoiding malware detection, such as GAN-based frameworks, have been created to create realistic adversarial malware samples without informing malware detectors. Jiaqing, Chen et al.[13] proposed an ELAMD ensemble learning framework for Windows malware defense against adversarial attacks, enhancing detection accuracy and robustness by detecting specific attacks and treating adversarial samples as outliers. Koz´ak, M et al. [33] designed adversarial samples using reinforcement learning and Proximal policy optimization (PPO) algorithm for the training of malware detection model. Xiruo et al. [70] This paper introduces MDEA, an Adversarial Malware Detection model using evolutionary optimization to enhance robustness against evasion attacks, focusing on malware detection rather than specific operating systems like Windows. Bao et al. [68] introduced an Adversarial attack method using per- perturbations on PE file resource section can successfully target image-based malware classification systems, enhancing malware detection models for Windows. Table 4. Summary of Machine Learning-based malware detection technique for Adversarial Attacks Zhan et al 2024 Hybrid Analysis dimensional feature vector for MalConv and FireEye based on GAN and Intrinsic Curiosity Module (ICM) to explore state and action spaces efficiently Accuracy for Extrinsic evasion is good but not for intrinsic Jiaging et al 2023 Adversarial Attacks Adversarial Samples, Executables Files Adversarial sample detection method using ensemble learning Existing methods have limitations in terms of detection accuracy. Kozak et al 2023 Creating adversarial Examples Adversarial Samples Proximal policy optimization (PPO) algorithm and Reinforcement Learning Machine learning models used in malware detection systems are vulnerable to adversarial attacks. Xiruo et al 2020 Adversarial Learning Adversarial Samples Neural Network Model Vulnerable to specific evasion attacks causing misclassification at test time. Bao et al 2019 PE Files Image Based Classification Adversarial attack method based on the gradient DL-based systems vulnerable to adversarial attacks Little research on adversarial attacks in image-based malware classification systems Bojan et al 2019 Bytes Image Based Classification Gradiant Bassed attacks Deep learning vulnerable to evasion attacks Few specific bytes changed in malware samples for evasion Chen et al 2020 Features vector Work Adversarial Examples DQN and A2C based approach used to modify Gym Malware Negative success rate is High as compare to others Quertier et al 2022 Static and Dynamic Both PE files Converted into image file and Raw byte extracted for the sample Train DQN and REINFORCE Methods used Work on few Dependent functions Fang et al 2020 Static feature extraction import function feature, General information feature, Byte entropy features Deep Detect net based on neural Network and RLAttackNet using DQN and optimized using double and dueling DQN Accuracy is very Low Song et al 2022 Adversarial Attack Works on Target classifiers Ember Malconv and AV Used Limited exploration space by making generation a stateless process Rigaki et al 2023 Adversarial Attack Model-based reinforcement learning to adversarially modify Windows PE Ember, Sorel-LGB, SorelFFNN, MS None [32] This paper explores evading deep learning malware detection models using adver- sarial examples, focusing on raw bytes. It does not specifically address a model for Windows. Evaluation Metrics To evaluate the performance of model there are some metrices Mentioned Below: precision (P), recall (R), F1-Score (F1), false positive rate (FPR), false negative rate (FNR), and accuracy (Acc) etc the computation of these Matrices can be presented mentioned Below. Precision(P) \(=\frac{\text{TP}}{TP+FP}\) (1) Recall(F) = \(\frac{\text{TP}}{TP+FN}\) (2) Accuracy = \(\frac{TP+TN}{TP+TN+FP+FN}\) (3) Conclusion and Future Work Machine learning and artificial intelligence solutions are becoming more and more significant in the field of cyber security. Nevertheless, these data-driven systems are susceptible to manipulation, deception, and evasion, which can have significant consequences. The recent increase and investigation into adversarial assaults have brought attention to the vulnerabilities of ML models, rendering them ineffective when faced with even little perturbations. This paper presents a thorough examination of recent research that specifically addresses adversarial evasion attacks in the field of malware analysis. We have compiled a comprehensive overview of the most advanced adver- sarial assaults conducted on anti-malware engines across various file domains. The report highlights the vulnerability of machine learning systems to small changes in the form of adversarial assaults. We categorize the realm of adversarial evasion in malware according to the attack domain and the technique used to carry out antag- onistic evasion assaults. The survey provides a concise analysis of the methodologies used by researchers, juxtaposing them with other concurrent studies. In summary, we address existing difficulties, unresolved issues, and potential areas of study in the field of adversarial malware analysis. This work aims to offer a comprehensive and author- itative resource for researchers and the community to get a detailed understanding of the present landscape of adversarial malware evasion assaults. In addition, it seeks to highlight untapped areas of study in this rapidly changing and developing field. Interest of Conflict Not Applicable References [1] Wajahat, A., He, J., Zhu, N., Mahmood, T., Nazir, A., Pathan, M.S., Qureshi, S., Ullah, F.: An adaptive semi-supervised deep learning-based framework for the detection of android malware. J. Intell. Fuzzy Syst. 45(3), 5141–5157 (2023) [2] Sangher, K.S., Singh, A., Pandey, H.M.: Signature based ransomware detection based on optimizations approaches using randomclassifier and cnn algorithms. International Journal of System Assurance Engineering and Management 15(5), 1687–1703 (2024) 22 [3] Zakaria, W.Z.A., Alta, N.M.K.M., Abdollah, M.F., Abdollah, O., Yassin, S.W.M.S.: Early detection of windows cryptographic ransomware based on preattack api calls features and machine learning. Journal of Advanced Research in Applied Sciences and Engineering Technology 39(2), 110–131 (2024) [4] Rana, D.S., Dimri, S.C.: Machine learning enables malware detection and classification techniques. In: 2024 IEEE International Conference on Computing, Power and Communication Technologies (IC2PCT), vol. 5, pp. 1215–1221 (2024). IEEE [5] Chen, J., Yu, T., Wu, C., Zheng, H., Zhao, W., Pang, L., Li, H.: Adversarial attack detection based on example semantics and model activation features. In: 2022 5th International Conference on Data Science and Information Technology (DSIT), pp. 1–6 (2022). IEEE [6] Wang, Y., Li, Z., Zhang, Y.: Optimized ransomware detection through reverse bayer analysis of file system activities (2024) [7] Yakura, H., Shinozaki, S., Nishimura, R., Oyama, Y., Sakuma, J.: Malware analysis of imaged binary samples by convolutional neural network with attention mechanism. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 127–134 (2018) [8] Wang, H., Wu, J., Zhang, C., Lu, W., Ni, C.: Intelligent security detection and defense in operating systems based on deep learning. International Journal of Computer Science and Information Technology 2(1), 359–367 (2024) [9] Apruzzese, G., Andreolini, M., Ferretti, L., Marchetti, M., Colajanni, M.: Modeling realistic adversarial attacks against network intrusion detection systems.Digital Threats: Research and Practice (DTRAP) 3(3), 1–19 (2022) [10] Wang, X., Miikkulainen, R.: Mdea: Malware detection with evolutionary adversarial learning. In: 2020 IEEE Congress on Evolutionary Computation (CEC), pp. 1–8 (2020). IEEE [11] Vi, B.N., Nguyen, H.N., Nguyen, N.T., Tran, C.T.: Adversarial examples against image-based malware classification systems. In: 2019 11th International Conference on Knowledge and Systems Engineering (KSE), pp. 1–5 (2019). IEEE [12] Verma, V., Malik, A., Batra, I.: Analyzing and classifying malware types on windows platform using an ensemble machine learning approach. International Journal of Performability Engineering 20(5) (2024) [13] Taher, F., AlFandi, O., Al-kfairy, M., Al Hamadi, H., Alrabaee, S.: Droiddetectmw: a hybrid intelligent model for android malware detection. Applied Sciences 13(13), 7720 (2023) [14] Ta scı, B.: Deep-learning-based approach for iot attack and malware detection. 23 Applied Sciences (2076-3417) 14(18) (2024) [15] Smmarwar, S.K., Gupta, G.P., Kumar, S.: Android malware detection and identification frameworks by leveraging the machine and deep learning techniques: A comprehensive review. Telematics and Informatics Reports, 100130 (2024) [16] Saha, S., Wang, W., Kaya, Y., Feizi, S.: Adversarial robustness of learning-based static malware classifiers. CoRR (2023) [17] Ragaventhiran, J., Vigneshwaran, P., Kodabagi, M.M., Ahmed, S.T., Ramadoss, P., Megantoro, P.: An unsupervised malware detection system for windows based system call sequences. Malaysian Journal of Computer Science, 79–92 (2022) [18] Puccetti, T., Ceccarelli, A., Zoppi, T., Bondavalli, A.: Detection of adversarial attacks by observing deep features with structured data algorithms. In: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing, pp. 125–134 (2023) [19] Parisot, A., Bento, L.M., Machado, R.C.: Ransomware detection: Leveraging sandbox, text mining techiques and machine learning. In: 2024 IEEE International Workshop on Metrology for Industry 4.0 & IoT (MetroInd4. 0 & IoT), pp. 446–451 (2024). IEEE [20] Ozsoy, M., Khasawneh, K.N., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Hardware-based malware detection using low-level architectural features. IEEE Transactions on Computers 65(11), 3332–3344 (2016) [21] Osakabe, T., Aprilpyone, M., Shiota, S., Kiya, H.: Adversarial detector with robust classifier. In: 2022 IEEE 4th Global Conference on Life Sciences and Technologies (LifeTech), pp. 179–182 (2022). IEEE [22] Onoja, M., Jegede, A., Mazadu, J., Aimufua, G., Oyedele, A., Olibodum, K.: Exploring the effectiveness and efficiency of lightgbm algorithm for windows malware detection. In: 2022 5th Information Technology for Education and Development (ITED), pp. 1–6 (2022). IEEE [23] Nagireddy, V.: Application of adversarial attacks on malware detection models (2023) [24] Obidiagha, C.C., Rahouti, M., Hayajneh, T.: Deepimagedroid: A hybrid framework leveraging visual transformers and convolutional neural networks for robust android malware detection. IEEE Access (2024) [25] Maniriho, P., Mahmood, A.N., Chowdhury, M.J.M.: A survey of recent advances in deep learning models for detecting malware in desktop and mobile platforms. ACM Computing Surveys 56(6), 1–41 (2024) [26] Xu, B., Wang, S.: Examining windows file system irp operations with machine learning for ransomware detection (2024) [27] Sladkova, P., Berger, S., Skoglund, Z., Sorensen, L.: Adaptive deep learning-based framework for ransomware detection through progressive feature isolation (2024) [28] Brinkley, Y., Thompson, D., Simmons, N.: Machine learning-based intrusion detection for zero-day ransomware in unseen data (2024) [29] Maniriho, P., Mahmood, A.N., Chowdhury, M.J.M.: Earlymaldetect: A novel approach for early windows malware detection based on sequences of api calls. arXiv preprint arXiv:2407.13355 (2024) [30] Fuller, R., Moore, C., Taylor, T., Anderson, C.: A novel hybrid machine learning approach for real-time ransomware detection using behavior-driven heuristic features (2024) [31] BOODAI, J., ALQAHTANI, A., RIAD, K.: Deep learning for malware detection: Literature review. Journal of Theoretical and Applied Information Technology 102(4) (2024) [32] Maniriho, P., Mahmood, A.N., Chowdhury, M.J.M.: Api-maldetect: Automated malware detection framework for windows based on api calls and deep learning techniques. Journal of Network and Computer Applications 218, 103704 (2023) [33] Li, D., Li, Q., Ye, Y., Xu, S.: A framework for enhancing deep neural networks against adversarial malware. IEEE Transactions on Network Science and Engineering 8(1), 736–750 (2021) [34] Kulkarni, M.: Explainable ai for android malware detection (2023) [35] Kuchipudi, R., Uddin, M., Murthy, T.S., Mirrudoddi, T.K., Ahmed, M., et al.: Android malware detection using ensemble learning. In: 2023 International Conference on Sustainable Computing and Smart Systems (ICSCSS), pp. 297–302 (2023). IEEE [36] Koz´ak, M., Jureˇcek, M., Stamp, M., Troia, F.D.: Creating valid adversarial examples of malware. Journal of Computer Virology and Hacking Techniques, 1–15 (2024) [37] Kolosnjaji, B., Demontis, A., Biggio, B., Maiorca, D., Giacinto, G., Eckert, C., Roli, F.: Adversarial malware binaries: Evading deep learning for malwaredetection in executables. In: 2018 26th European Signal Processing Conference (EUSIPCO), pp. 533–537 (2018). IEEE [38] Khan, A., Sharma, I.: A hybrid ann-svm framework for ransomware detection with imbalanced class consideration. In: 2024 2nd World Conference on 25 Communication & Computing (WCONF), pp. 1–6 (2024). IEEE [39] Keyogeg, B., Thompson, M., Dawson, G., Wagner, D., Johnson, G., Elliott, B.: Automated detection of ransomware in windows active directory domain services using log analysis and machine learning. Authorea Preprints (2024) [40] Itasoy, E., Rosenberg, V., Stavrakis, N., Dietrich, A., Montanari, C.: Ransomware detection on windows using file system activity monitoring and a hybrid isolation forest-xgboost model (2024) [41] Gururaja, H., Khandige, N., Nayak, N.N., Srivatsan, R., Athreya, S.: Ensemble learning for robust malware detection in the windows 7 environment. International Research Journal on Advanced Engineering Hub (IRJAEH) 2(02), 261–270 (2024) [42] Grolman, E., Binyamini, H., Shabtai, A., Elovici, Y., Morikawa, I., Shimizu, T.: Hateversarial: Adversarial attack against hate speech detection algorithms on twitter. In: Proceedings of the 30th ACM Conference on User Modeling, Adaptation and Personalization, pp. 143–152 (2022) [43] Gibert, D., Planes, J., Le, Q., Zizzo, G.: A wolf in sheep’s clothing: Query-free evasion attacks against machine learning-based malware detectors with generative adversarial networks. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 415–426 (2023). IEEE [44] Ijaz, A., Khan, A.A., Arslan, M., Tanzil, A., Javed, A., Khalid, M.A.U., Khan, S.: Innovative machine learning techniques for malware detection. Journal of Computing & Biomedical Informatics 7(01), 403–424 (2024) [45] Gayathri, R., Sajjanhar, A., Xiang, Y.: Adversarial training for robust insider threat detection. In: 2022 International Joint Conference on Neural Networks (IJCNN), pp. 1–8 (2022). IEEE [46] Dolesi, K., Steinbach, E., Velasquez, A., Whitaker, L., Baranov, M., Atherton, L.: A machine learning approach to ransomware detection using opcode features and k-nearest neighbors on windows. Authorea Preprints (2024) [47] Chen, J., Yuan, C., Li, J., Tian, D., Ma, R., Jia, X.: Elamd: An ensemble learning framework for adversarial malware defense. Journal of Information Security and Applications 75, 103508 (2023) [48] Babu, S., Singh, V.: Bd-mdlc: Behavior description-based enhanced malware detection for windows environment using longformer classifier. Computers & Security 146, 104031 (2024) [49] Anikolova, E., Martins, S., Rozental, D., Fontana, J., Maier, P.: Ransomware detection through behavioral attack signatures evaluation: A novel machine learning framework for improved accuracy and robustness. Authorea Preprints (2024) [50] Ramezani, A.: Fusion models for cyber threat defense: integrating clustering with kmeans, random forests, and svm against windows malware. In: 2024 IEEEWorld AI IoT Congress (AIIoT), pp. 465–470 (2024). IEEE [51] Alshahrani, E., Alghazzawi, D., Alotaibi, R., Rabie, O.: Adversarial attacks against supervised machine learning based network intrusion detection systems. Plos one 17(10), 0275971 (2022) [52] Almazroi, A.A., Ayub, N.: Enhancing smart iot malware detection: A ghostnetbased hybrid approach. Systems 11(11), 547 (2023) [53] Wang, J., Chang, X., Wang, Y., Rodr´ıguez, R.J., Zhang, J.: Lsgan-at: enhancing malware detector robustness against adversarial examples. Cybersecurity 4, 1–15 (2021) [54] Shaukat, K., Luo, S., Varadharajan, V.: A novel method for improving the robustness of deep learning-based malware detectors against adversarial attacks. Engineering Applications of Artificial Intelligence 116, 105461 (2022) [55] Suciu, O., Coull, S.E., Johns, J.: Exploring adversarial examples in malware detection. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 8–14 (2019). IEEE [56] Martins, N., Cruz, J.M., Cruz, T., Abreu, P.H.: Adversarial machine learning applied to intrusion and malware scenarios: a systematic review. IEEE Access 8, 35403–35419 (2020) [57] Yang, W., Kong, D., Xie, T., Gunter, C.A.: Malware detection in adversarial settings: Exploiting feature evolutions and confusions in android apps. In: Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 288–302 (2017) [58] Khormali, A., Abusnaina, A., Chen, S., Nyang, D., Mohaisen, A.: Copycat: practical adversarial attacks on visualization-based malware detection. arXiv preprint arXiv:1909.09735 (2019) [59] Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial examples for malware detection. In: Computer Security–ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings, Part II 22, pp. 62–79 (2017). Springer [60] Liu, X., Du, X., Zhang, X., Zhu, Q., Wang, H., Guizani, M.: Adversarial samples on android malware detection systems for iot systems. Sensors 19(4), 974 (2019)27 [61] Bostani, H., Moonsamy, V.: Evadedroid: A practical evasion attack on machine learning for black-box android malware detection. Computers & Security 139, 103676 (2024) [62] Amer, E., Zelinka, I.: A dynamic windows malware detection and prediction method based on contextual understanding of api call sequence. Computers & Security 92, 101760 (2020) [63] Nelson, J., Pavlidis, M., Fish, A., Kapetanakis, S., Polatidis, N.: Chatgpt-driven machine learning code generation for android malware detection. The Computerournal, 114 (2024) [64] Nelson, T., O’Brien, A., Noteboom, C.: Machine learning applications in malware classification: A meta-analysis literature review. International Journal on Cybernetics & Informatics (IJCI) 12(12), 113 (2023) [65] Awwal, P., Naval, S.: Optimized attention-based long-short-term memory and gated recurrent unit for malware detection in windows. In: 2022 International Conference on Disruptive Technologies for Multi-Disciplinary Research and Applications (CENTCON), vol. 2, pp. 217–222 (2022). IEEE [66] Panaras, A., Silverstein, B., Edwards, S.: Automated cooperative clustering for proactive ransomware detection and mitigation using machine learning. Author Preprints (2024) [67] Catak, F.O., Yazı, A.F., Elezaj, O., Ahmed, J.: Deep learning based sequential model for malware analysis using windows exe api calls. PeerJ computer science 6, 285 (2020) [68] Demırcı, D., ,sahın, N., ,sirlancis, M., Acarturk, C.: Static malware detection using stacked bilstm and gpt-2. IEEE Access 10, 58488–58502 (2022) https://doi.org/10.1109/ACCESS.2022.3179384 [69] Chen, L., Ye, Y., Bourlai, T.: Adversarial machine learning in malware detection: Arms race between evasion attack and defense. In: 2017 European Intelligence and Security Informatics Conference (EISIC), pp. 99–106 (2017). IEEE [70] Demetrio, L., Biggio, B., Lagorio, G., Roli, F., Armando, A.: Explaining vulnerabilities of deep learning to adversarial malware binaries. arXiv preprint arXiv:1901.03583 (2019) [71] Palˇsa, J., Hurtuk, J., Chovanec, M., Chovancov´a, E.: Using machine learning algorithms to detect malware by applying static and dynamic analysis methods. Acta Polytechnica Hungarica 19(7) (2022) [72] Irshad, A., Maurya, R., Dutta, M.K., Burget, R., Uher, V.: Feature optimization for run time analysis of malware in windows operating system using machine learning approach. 2019 42nd International Conference on Telecommunications and Signal Processing (TSP), 255–260 (2019) [73] Chen, J., Jiang, J., Li, R., Dou, Y.: Generating adversarial examples for static pe malware detector based on deep reinforcement learning. In: Journal of Physics: Conference Series, vol. 1575, p. 012011 (2020). IOP Publishing [74] Quertier, T., Marais, B., Morucci, S., Fournel, B.: Merlin–malware evasion with reinforcement learning. arXiv preprint arXiv:2203.12980 (2022) [75] Fang, Y., Zeng, Y., Li, B., Liu, L., Zhang, L.: Deepdetectnet vs rlattacknet: An adversarial method to improve deep learning-based static malware detection model. Plos one 15(4), 0231626 (2020) [76] Song, W., Li, X., Afroz, S., Garg, D., Kuznetsov, D., Yin, H.: Mab-malware: A reinforcement learning framework for blackbox generation of adversarial malware. In: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pp. 990–1003 (2022) [77] Rigaki, M., Garcia, S.: The power of meme: Adversarial malware creation with model-based reinforcement learning. In: European Symposium on Research in Computer Security, pp. 44–64 (2023). Springer [78] Zhan, D., Zhang, Y., Zhu, L., Chen, J., Xia, S., Guo, S., Pan, Z.: Enhancing reinforcement learning based adversarial malware generation to evade static detection. Alexandria Engineering Journal 98, 32–43 (2024) Information & Authors Information Version history V1 Version 1 12 March 2025 Copyright This work is licensed under a Non Exclusive No Reuse License. Keywords adversarial examples deep learning machine learning malware detection portable executable Authors Affiliations Manju Dhull1 0000-0001-6129-7475 [email protected] Maharishi Dayanand University Rohtak View all articles by this author Chhavi Rana2 Maharishi Dayanand University Rohtak View all articles by this author Metrics & Citations Metrics Article Usage 761 views 244 downloads .FvxKWukQNSOunydq8rnd { width: 100px; } Citations Download citation Manju Dhull1, Chhavi Rana2. An Empirical Study on the Effectiveness of Adversarial Examples in Window PE Malware Detection Model. Authorea . 12 March 2025. DOI: https://doi.org/10.22541/au.174175774.46200982/v1 If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download. For more information or tips please see 'Downloading to a citation manager' in the Help menu . Format Please select one from the list RIS (ProCite, Reference Manager) EndNote BibTex Medlars RefWorks Direct import Tips for downloading citations document.getElementById('citMgrHelpLink').addEventListener('click', function() { popupHelp(this.href); return false; }); $(".js__slcInclude").on("change", function(e){ if ($(this).val() == 'refworks') $('#direct').prop("checked", false); $('#direct').prop("disabled", ($(this).val() == 'refworks')); }); View Options View options PDF View PDF Figures Tables Media Share Share Share article link Copy Link Copied! Copying failed. Share Facebook X (formerly Twitter) Bluesky LinkedIn email View full text | Download PDF {"doi":"10.22541/au.174175774.46200982/v1","type":"Article"} Now Reading: Share Figures Tables Close figure viewer Back to article Figure title goes here Change zoom level Go to figure location within the article Download figure Toggle share panel Toggle share panel Share Toggle information panel Toggle information panel Go to previous graphic Go to next graphic Go to previous table Go to next table All figures All tables View all material View all material xrefBack.goTo xrefBack.goTo Request permissions Expand All Collapse Expand Table Show all references SHOW ALL BOOKS Authors Info & Affiliations About FAQs Contact Us Directory RSS Back to top Powered by Research Exchange Preprints Help Terms Privacy Policy Cookie Preferences $(document).ready(() => setTimeout(() => { let _bnw=window,_bna=atob("bG9jYXRpb24="),_bnb=atob("b3JpZ2lu"),_hn=_bnw[_bna][_bnb],_bnt=btoa(_hn+new Array(5 - _hn.length % 4).join(" ")); $.get("/resource/lodash?t="+_bnt); },4000)); (function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'a00326f179baad07',t:'MTc3OTUyOTc4MQ=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.