Poster: Automatically Evading Classifiers A Case Study on Structural Feature-based PDF Malware Classifiers

Machine learning methods are widely used in security tasks. However, the robustness of these models against motivated adversaries is unclear. In this work, we propose a generic method that simulates evasion attempts to evaluate the robustness of classifiers under attack. We report results from experiments automatically generating malware variants to evade classifiers, from which we have observed non-robust features result in vulnerable classifiers. This suggests the proposed evasion simulation method will help to improve the robustness of classifiers by locating weak spots of learning models.