Malware has been one of the most damaging threats to computers, spanning multiple operating systems and various file formats. To defend against ever-increasing and ever-evolving malware, tremendous efforts have been made to propose a variety of malware detection methods that attempt to detect malware effectively and efficiently so as to mitigate possible damage as early as possible. Recent studies have shown that, on the one hand, existing machine learning (ML) and deep learning (DL) techniques enable superior solutions in detecting newly emerging and previously unseen malware. On the other hand, ML and DL models are inherently vulnerable to adversarial attacks in the form of adversarial examples. In this paper, we focus on malware in the portable executable (PE) file format of the Windows family of operating systems, namely Windows PE malware, as a representative case to study adversarial attack methods in such adversarial settings. Specifically, we start by outlining the general learning framework of Windows PE malware detection based on ML/DL and then highlight three unique challenges of performing adversarial attacks in the context of Windows PE malware. Then, we conduct a comprehensive and systematic review to categorize the state-of-the-art adversarial attacks against PE malware detection, as well as the corresponding defenses that increase the robustness of Windows PE malware detection. Finally, we conclude the paper by first presenting other related attacks against Windows PE malware detection beyond adversarial attacks and then shedding light on future research directions and opportunities. In addition, a curated resource list of adversarial attacks and defenses for Windows PE malware detection is available at https://github.com/ryderling/adversarial-attacks-and-defenses-for-windows-pe-malware-detection.