Malware, or software designed with harmful intent, is an ever-evolving threat that can have drastic effects on both individuals and institutions. Neural network malware classification systems are key tools for combating these threats but are vulnerable to adversarial machine learning attacks. These attacks perturb input data to cause misclassification, bypassing protective systems. Existing defenses often rely on enhancing the training process, thereby increasing the model's robustness to these perturbations, which is quantified using verification. While training improvements are necessary, we propose focusing on the verification process used to evaluate improvements to training. As such, we present a case study that evaluates a novel verification domain that will help to ensure tangible safeguards against adversaries and provide a more reliable means of evaluating the robustness and effectiveness of anti-malware systems. To do so, we describe malware classification and two types of common malware datasets (feature and image datasets), demonstrate the certified robustness accuracy of malware classifiers using the Neural Network Verification (NNV) and Neural Network Enumeration (nnenum) tools, and outline the challenges and future considerations necessary for the improvement and refinement of the verification of malware classification. By evaluating this novel domain as a case study, we hope to increase its visibility, encourage further research and scrutiny, and ultimately enhance the resilience of digital systems against malicious attacks.
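The abstract refers to quantifying robustness through verification and reporting certified robustness accuracy. The following added example (not code from the paper, and not using NNV or nnenum) shows the underlying idea on a toy feature-dataset classifier: interval bound propagation, a simple sound-but-incomplete verifier, checks whether a small ReLU network keeps its decision for every feature vector within an L-infinity ball of radius eps around a sample, and certified accuracy is the fraction of samples that are both correctly classified and certified. The weights, feature names and samples are constructed for illustration.

```python
"""Interval bound propagation (IBP) as a toy stand-in for the verification step
described in the abstract. Everything here (weights, feature names, samples) is
constructed for illustration; it is not data or code from the paper."""
from typing import List, Tuple

Vec = List[float]
Mat = List[List[float]]
Layer = Tuple[Mat, Vec]  # (weights, biases)

BENIGN, MALWARE = 0, 1

# Constructed 3-feature classifier: two hidden ReLU units, two output logits.
# Hypothetical feature order: [import_count_norm, entropy_norm, signed_flag].
LAYERS: List[Layer] = [
    ([[1.0, 1.0, 0.0], [-1.0, 0.0, 1.0]], [-0.5, 0.0]),  # hidden layer, ReLU
    ([[-1.0, 1.0], [1.0, -1.0]], [0.0, 0.0]),            # logits, no ReLU
]


def affine(x: Vec, W: Mat, b: Vec) -> Vec:
    """Concrete W x + b."""
    return [bias + sum(w * xi for w, xi in zip(row, x)) for row, bias in zip(W, b)]


def predict(x: Vec, layers: List[Layer] = LAYERS) -> int:
    """Class index of the largest logit (ties resolve to the lowest index)."""
    h = x
    for i, (W, b) in enumerate(layers):
        h = affine(h, W, b)
        if i < len(layers) - 1:
            h = [max(0.0, v) for v in h]
    return max(range(len(h)), key=lambda j: h[j])


def affine_bounds(lo: Vec, hi: Vec, W: Mat, b: Vec) -> Tuple[Vec, Vec]:
    """Sound interval bounds of W x + b for every x in the box [lo, hi]:
    a positive weight pulls the lower bound from lo, a negative one from hi."""
    out_lo, out_hi = [], []
    for row, bias in zip(W, b):
        l = h = bias
        for w, xl, xh in zip(row, lo, hi):
            if w >= 0:
                l += w * xl
                h += w * xh
            else:
                l += w * xh
                h += w * xl
        out_lo.append(l)
        out_hi.append(h)
    return out_lo, out_hi


def logit_bounds(x: Vec, eps: float, layers: List[Layer] = LAYERS,
                 box: Tuple[float, float] = (0.0, 1.0)) -> Tuple[Vec, Vec]:
    """Propagate the L-infinity ball (clipped to the feature range) through the net.
    For binary feature datasets this box over-approximates the discrete inputs."""
    lo = [max(box[0], v - eps) for v in x]
    hi = [min(box[1], v + eps) for v in x]
    for i, (W, b) in enumerate(layers):
        lo, hi = affine_bounds(lo, hi, W, b)
        if i < len(layers) - 1:  # ReLU is monotone, so clamp both ends
            lo = [max(0.0, v) for v in lo]
            hi = [max(0.0, v) for v in hi]
    return lo, hi


def is_certified(x: Vec, label: int, eps: float, layers: List[Layer] = LAYERS) -> bool:
    """Certified iff the label's lowest possible logit beats every rival's highest.
    IBP is sound but incomplete: False means "could not prove", not "attackable"."""
    lo, hi = logit_bounds(x, eps, layers)
    return all(lo[label] > hi[j] for j in range(len(lo)) if j != label)


def clean_accuracy(samples, layers: List[Layer] = LAYERS) -> float:
    return sum(1 for x, y in samples if predict(x, layers) == y) / len(samples)


def certified_accuracy(samples, eps: float, layers: List[Layer] = LAYERS) -> float:
    """Fraction of samples that are correctly classified AND certified at radius eps."""
    ok = sum(1 for x, y in samples
             if predict(x, layers) == y and is_certified(x, y, eps, layers))
    return ok / len(samples)


# Constructed evaluation set.
SAMPLES = [
    ([0.9, 0.8, 0.1], MALWARE),  # far from the decision boundary
    ([0.1, 0.2, 0.9], BENIGN),   # far from the decision boundary
    ([0.55, 0.2, 0.5], MALWARE), # correct but close: not certifiable at eps=0.1
    ([0.7, 0.3, 0.2], BENIGN),   # misclassified: never counts as certified
]

if __name__ == "__main__":
    print("clean accuracy      :", clean_accuracy(SAMPLES))
    for eps in (0.0, 0.05, 0.1):
        print(f"certified accuracy @ eps={eps}:", certified_accuracy(SAMPLES, eps))
```

At eps = 0 the certified accuracy equals the clean accuracy, which is a useful sanity check for any verifier; as eps grows it can only fall. For the third sample the failure to certify is genuine here, since the feature vector [0.45, 0.1, 0.6] lies inside its eps = 0.1 ball and is classified benign, but in general an IBP refusal may also be looseness of the interval abstraction, which is why tools such as the ones named in the abstract use tighter set representations.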