DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness
Authors: Shoumik Saha, Wenxiao Wang, Yigitcan Kaya, Soheil Feizi, Tudor Dumitras
ICLR 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | To our knowledge, we are the first to offer certified robustness in the realm of static detection of malware executables. More surprisingly, through evaluating DRSM against 9 empirical attacks of different types, we observe that the proposed defense is empirically robust to some extent against a diverse set of attacks, some of which even fall out of the scope of its original threat model. |
| Researcher Affiliation | Academia | Shoumik Saha, Wenxiao Wang, Yigitcan Kaya, Soheil Feizi & Tudor Dumitras, {smksaha, wwx, cankaya, sfeizi, tudor}@umd.edu, Department of Computer Science, University of Maryland, College Park |
| Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks. Figure 7 shows a model architecture diagram, but not pseudocode. |
| Open Source Code | Yes | Our code and dataset are available at https://github.com/ShoumikSaha/DRSM |
| Open Datasets | Yes | In addition, we collected 15.5K recent benign raw executables from diverse sources, which will be made public as a dataset called PACE (Publicly Accessible Collection(s) of Executables)... Our code and dataset are available at https://github.com/ShoumikSaha/DRSM |
| Dataset Splits | Yes | We split our dataset into 70:15:15 ratios for train, validation, and test sets, respectively. |
| Hardware Specification | Yes | All the models were re-trained for 10 epochs. We trained the models using multiple GPUs at different times. But mostly used GPUs were 4 NVIDIA RTX A4000 and 2 RTX A5000. |
| Software Dependencies | No | The paper mentions software like the 'secml-malware python library' and 'IDAPro disassembler' but does not provide specific version numbers for any software dependencies. |
| Experiment Setup | Yes | For our optimizer, we used Optimizer: SGD, learning-rate: 0.01, momentum: 0.9, nesterov: True, weight-decay: 1e-3. For training on VTFeed and our dataset, the batch size was 16 and 32, respectively. All the models were re-trained for 10 epochs. |