Deceiving AI-based malware detection through polymorphic attacks

Malware detection is one of the most important tasks in cybersecurity. Recently, increasing interest in Convolutional Neural Networks (CNN) and Machine Learning algorithms, which are widely used in image analysis and predictive modelling, led to their use in static malware classification and to the application of these powerful tools in computer industry and industrial internet of things. Many studies claim that the static malware detection approach, under well-defined conditions, can deliver fast and accurate malware classification results with relatively little human effort once the framework is implemented, relying solely on the binary content of the file. This becomes evident if we compare static malware detection to other techniques of dynamic nature. The focus of our research is to highlight strengths and weaknesses of CNNs used for static malware detection, starting from images obtained from byte-wise conversion of binary executable files to pixel images to critically analyze the assumptions underlying the performance of this type of technique.