Malware has been a long-running and persistent problem in computer security. Improvements in malware detection can benefit the field and society at large. Recently there has been an explosion of academic research papers on predicting malicious content using machine learning. However, existing machine learning methods are fragile: it is easy for attackers to make small changes to their malware to fool the classifier and evade detection. In this talk, I will discuss the shortcomings of the recent work in attacks and defenses in ML-based malware detection, such as the lack of consistent and comparable threat models, incomplete evaluation criteria and the lack of benchmark dataset to track progress. I will conclude with future recommendations to advance the research in this area.
Dr. Sadia Afroz is a research scientist at the International Computer Science Institute (ICSI). Her work focuses on anti-censorship, anonymity and adversarial learning. Her work on adversarial authorship attribution received the 2013 Privacy Enhancing Technology (PET) award, the best student paper award at the 2012 Privacy Enhancing Technology Symposium (PETS) and the 2014 ACM SIGSAC dissertation award (runner-up).