What problem does this paper attempt to address?

The problem that this paper attempts to solve is that the current malware detectors based on machine learning are vulnerable to adversarial sample attacks. Specifically, although the existing machine - learning methods have achieved high precision in malware detection, these detectors are still very fragile to carefully - designed adversarial malware samples (i.e., malware that evades detection through minor modifications). The paper explores how and why adversarial samples can bypass malware detectors and proposes a method of Randomised Chaining to statically defend against adversarial malware. ### Main objectives of the paper: 1. **Research on current techniques for generating adversarial malware**: Analyze the existing adversarial malware - generation techniques and understand their working principles and effectiveness. 2. **Implement and compare the effectiveness of various techniques**: Verify the effects of different techniques for generating adversarial malware through experiments. 3. **Explore how to detect optimized adversarial malware**: Research how to identify and detect these optimized adversarial malware. 4. **Propose a method for developing next - generation antivirus software**: Design a new method to improve the defense ability of antivirus software against adversarial malware. 5. **Conduct experiments to determine the effectiveness of the method**: Verify the effectiveness of the proposed Randomised Chaining method through experiments. ### Background and related work: - **Function - preserving black - box optimization**: Demetrio et al. proposed a black - box optimization method to optimize adversarial Windows malware by injecting benign content while keeping its malicious function unchanged. - **Reinforcement - learning attack**: Song et al. used the Multi - Armed Bandit (MAB) framework to generate adversarial malware by stateless process modeling, reusing successful payloads, and minimizing the changes of adversarial samples. - **Explanation - guided evasion attack**: Wang et al. evaluated the weaknesses of malware detectors through feature - space operations and problem - space obfuscation, demonstrating the effectiveness of these attacks on non - learning and learning - type detectors. - **Automatically evading classifier**: Xu proposed a general method for automatically generating PDF malware variants to evade the detection of classifiers through genetic programming techniques. ### Methodology: 1. **Research on current techniques for generating adversarial malware**: Analyze the MAB - Malware and GAMMA frameworks and compare their effectiveness and characteristics in generating adversarial malware. 2. **Implement techniques and compare their effectiveness**: Test the MAB - Malware and GAMMA frameworks through experiments and evaluate their performance in generating adversarial malware. 3. **Explore how to detect adversarial malware**: Utilize the low transferability of adversarial samples and propose a method to improve the detection rate by linking multiple different detectors. 4. **Propose a method for developing next - generation antivirus software**: Design a Randomised Chaining method to improve the detection rate of adversarial malware by randomly selecting multiple detectors to scan files. ### Experiments and results: - **Experimental design**: Use the MAB - Malware framework to generate adversarial samples and test the detection rates of these samples in multiple antivirus detectors through the VirusTotal platform. - **Result analysis**: The results show that as the number of randomly selected detectors increases, the detection rate increases significantly. When using 10 random detectors, the detection rate reaches 99.5% with a standard deviation of 1%. ### Conclusion: The paper finds that the malware generated by adversarial attacks has low transferability between different detectors. Based on this weakness, the paper proposes a Randomised Chaining method to improve the detection rate of adversarial malware by randomly selecting multiple different detectors. The experimental results show that this method is theoretically effective, but still needs further verification and improvement in practical applications.