Research on attacking ML-based image classifiers is common, but studies of how someone can bypass ML-based malware detection are far less frequent. This presentation is prepared by our friends Zoltan Balazs and Hyrum Anderson. Back in 2019, they organized a contest in which participants had to modify Windows malware so that the three provided ML engines no longer detected it, while the modified sample remained functionally equivalent to the original binary.
As it turned out, it is not that hard to come up with a generic solution which can bypass all three engines. In this presentation, we will discuss the details of the contests from 2020 and 2019, some of the techniques used by the participants (packing, overlays, adding sections), and information on the defensive tracks.
For more details about this presentation, included in our Blue Track activities, please check https://deep-conference.com/.