Saved in:
Bibliographic Details
Main Authors: He, Ping, Mao, Yuhao, Li, Changjiang, Cavallaro, Lorenzo, Wang, Ting, Ji, Shouling
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.10903
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913841808408576
author He, Ping
Mao, Yuhao
Li, Changjiang
Cavallaro, Lorenzo
Wang, Ting
Ji, Shouling
author_facet He, Ping
Mao, Yuhao
Li, Changjiang
Cavallaro, Lorenzo
Wang, Ting
Ji, Shouling
contents Malware presents a persistent threat to user privacy and data integrity. To combat this, machine learning-based (ML-based) malware detection (MD) systems have been developed. However, these systems have increasingly been attacked in recent years, undermining their effectiveness in practice. While the security risks associated with ML-based MD systems have garnered considerable attention, the majority of prior works is limited to adversarial malware examples, lacking a comprehensive analysis of practical security risks. This paper addresses this gap by utilizing the CIA principles to define the scope of security risks. We then deconstruct ML-based MD systems into distinct operational stages, thus developing a stage-based taxonomy. Utilizing this taxonomy, we summarize the technical progress and discuss the gaps in the attack and defense proposals related to the ML-based MD systems within each stage. Subsequently, we conduct two case studies, using both inter-stage and intra-stage analyses according to the stage-based taxonomy to provide new empirical insights. Based on these analyses and insights, we suggest potential future directions from both inter-stage and intra-stage perspectives.
format Preprint
id arxiv_https___arxiv_org_abs_2505_10903
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle On the Security Risks of ML-based Malware Detection Systems: A Survey
He, Ping
Mao, Yuhao
Li, Changjiang
Cavallaro, Lorenzo
Wang, Ting
Ji, Shouling
Cryptography and Security
Artificial Intelligence
Software Engineering
Malware presents a persistent threat to user privacy and data integrity. To combat this, machine learning-based (ML-based) malware detection (MD) systems have been developed. However, these systems have increasingly been attacked in recent years, undermining their effectiveness in practice. While the security risks associated with ML-based MD systems have garnered considerable attention, the majority of prior works is limited to adversarial malware examples, lacking a comprehensive analysis of practical security risks. This paper addresses this gap by utilizing the CIA principles to define the scope of security risks. We then deconstruct ML-based MD systems into distinct operational stages, thus developing a stage-based taxonomy. Utilizing this taxonomy, we summarize the technical progress and discuss the gaps in the attack and defense proposals related to the ML-based MD systems within each stage. Subsequently, we conduct two case studies, using both inter-stage and intra-stage analyses according to the stage-based taxonomy to provide new empirical insights. Based on these analyses and insights, we suggest potential future directions from both inter-stage and intra-stage perspectives.
title On the Security Risks of ML-based Malware Detection Systems: A Survey
topic Cryptography and Security
Artificial Intelligence
Software Engineering
url https://arxiv.org/abs/2505.10903