MultiEvasion: Evasion Attacks Against Multiple Malware Detectors

End-to-end malware detection analyzes raw bytes of programs with deep neural networks. It is considered as a new promising approach to simplify feature selection in static analysis but still provide accurate detection. Unfortunately, recent studies show that evasion attacks can modify raw bytes of malware and force a well-trained detector to predict the crafted malware as benign. In this paper, we propose a new evasion attack and validate the vulnerability of end-to-end malware detection in the context of multiple detectors, where our evasion attack MultiEvasion can defeat two (or even three) classifiers simultaneously without affecting functionalities of malware. This raises emerging concerns to end-to-end malware detection as running multiple classifiers was considered as one of the major countermeasures against evasion attacks. Specifically, our experimental results over real-world datasets show that our proposed attack can achieve 99.5% evasion rate against two classifiers and 18.3% evasion rate against three classifiers. Our findings suggest that the security of end-to-end malware detection need to be carefully examined before being applied in the real world.