An Adversarial Attack on ML-Based IoT Malware Detection Using Binary Diversification Techniques

The integration of machine learning (ML) has revolutionized malware detection, enabling accurate identification of subtle distinctions between malware and benignware. As the threat landscape continually evolves and new malware strains emerge, conventional signature-based detectors are becoming increasingly inadequate, leading to a growing reliance on ML-based detectors. However, ML-based detection systems are particularly vulnerable to adversarial attacks, where subtle alterations to input samples can deceive detectors into misclassifying malware as benignware, highlighting the need for robustness studies, as such misclassifications can lead to significant damage. To this end, we stage a black-box attack on IoT malware detection systems, specifically targeting structure-based detectors, which are predominant due to their ability to detect malware across diverse CPU architectures in IoT environments. Our strategy employs semantic-preserving binary diversification techniques, including function inlining, branch function insertion, control flow graph flattening, and basic block merging and reordering, to modify malware binaries and evade detection. We train a multi-structural substitute detector (based on a combination of control flow graph and function call graph features) on a large-scale dataset of IoT ELF binaries, achieving detection rates of up to 98.24%. Using explainable AI (XAI), we transfer the attack to four structural target detectors, achieving evasion rates of up to 100% on certain detectors, with an average binary size increase of just 8.35%. The modified samples evade detection by a state-of-the-art adversarial detector and several commercial antivirus engines, highlighting the persistent challenge of defending against adversarial threats and emphasizing the need for enhanced and multi-faceted defense mechanisms.