Deep learning has achieved great success in the image domain. To defend against malware attacks, researchers have proposed many Windows malware detection models based on deep learning. However, deep learning models are vulnerable to adversarial example attacks: malware can be turned into adversarial malware that keeps the same malicious function yet attacks the malware detection model and evades its detection. Many adversarial defense studies have been proposed, but existing adversarial defense studies are based on image samples and cannot be directly applied to malware samples. This paper therefore proposes an adversarial malware defense method based on adversarial training. The method uses preprocessing to defend against simple adversarial examples, which reduces the difficulty of adversarial training, and it improves the model's adversarial defense capability through adversarial training. We experimented with three attack methods on two sets of datasets, and the results show that the method in this paper can improve the adversarial defense capability of the model without reducing the accuracy of the model.