In recent years, the application of machine learning techniques based on byte sequences in malware detection has become a prominent research area. However, relevant studies have shown that machine learning methods are susceptible to adversarial examples, and the use of byte sequences provides attackers with a convenient avenue for manipulation. Current research efforts primarily focus on data augmentation techniques to enhance detection capabilities. But these approaches require significant computational resources and lack robustness. In this paper, we propose a novel defense mechanism against adversarial attacks in the context of malware detection. Our approach effectively thwarts adversarial attacks by scanning the functionality-preserving attack space. Unlike existing methods, our approach eliminates the need for repetitive retraining, significantly reducing computational demands. Theoretically, it can also withstand unknown adversarial perturbations. Experimental validation demonstrates that our method not only maintains the prediction accuracy of MalConv but also enhances it. Furthermore, our best method successfully defended against almost all existing black-box and white-box attacks, reducing the number of escaping files from multiple to zero.

中文翻译：

---

通过攻击空间管理防御恶意软件检测中的对抗性攻击

近年来，基于字节序列的机器学习技术在恶意软件检测中的应用已成为一个突出的研究领域。然而相关研究表明，机器学习方法容易受到对抗性例子的影响，而字节序列的使用为攻击者提供了便利的操纵途径。目前的研究工作主要集中在数据增强技术上，以增强检测能力。但这些方法需要大量的计算资源并且缺乏鲁棒性。在本文中，我们提出了一种在恶意软件检测背景下针对对抗性攻击的新颖防御机制。我们的方法通过扫描功能保留攻击空间来有效阻止对抗性攻击。与现有方法不同，我们的方法消除了重复再训练的需要，从而显着降低了计算需求。理论上，它还可以承受未知的对抗性扰动。实验验证表明，我们的方法不仅保持了 MalConv 的预测精度，而且还提高了它。此外，我们的最佳方法成功防御了几乎所有现有的黑盒和白盒攻击，将逃逸文件的数量从多个减少到零。