Abstract
Several malware families have been deployed as dynamic link libraries (DLLs) due to the difficulty in analyzing and verifying their presence in a victim’s computer. Although various file metadata-based detection mechanisms can detect such DLLs easily with machine learning and deep learning, malware authors have recently crafted adversarial file metadata to evade detection models. This paper aims to build a dataset containing labeled DLL metadata and proposes a generic detection mechanism for enhancing malicious DLL detection by adopting an adversarial learning approach. We used the fast gradient sign method, binary iterative method, and projected gradient descent to create perturbations in our data for adversarial learning. Our results proved that the random forest algorithm provides the best performance, achieving an accuracy of 99.826% (95% CI: ±0.03%) in the feature-space domain. We also validated our model using anomalies from our data that were not used to train the model and achieved a detection rate of 100% in the problem-space domain validation using random forest.
| Original language | English |
|---|---|
| Journal | Arabian Journal for Science and Engineering |
| State | Accepted/In press - 2025 |
Bibliographical note
Publisher Copyright: © King Fahd University of Petroleum & Minerals 2025.
Keywords
- Adversarial attacks
- Adversarial learning
- Dynamic link library
- Malware detection
ASJC Scopus subject areas
- General