A Robustness Certification Method for Malware-Identification Deep Learning Models Based on Random Smoothing

Senlin Luo, Shuai Lu, Yifei Zhang, Limin Pan*

*Corresponding author for this work

Research output: Contribution to journal, Article, peer-reviewed

Abstract

Robustness, the ability to resist uncertain disturbances, is an important index of a machine learning model. Certification methods based on random smoothing can certify the robustness of large and complex models. In the malware identification task, however, the noise samples obtained by adding noise to all features with a random smoothing algorithm may lose their malicious function. Existing certification algorithms construct the certified region in descending order of the likelihood ratio of the noise spatial distribution, which makes the certified robust region small and the certified accuracy poor. To address this, a robustness certification method based on random smoothing was proposed for malware recognition deep learning models. The method adds discrete Bernoulli noise only to the features that are not necessary for the malicious function, in order to construct a certifiable smoothing model, and selects the regions with smaller likelihood ratio to construct the certified region, achieving more accurate certified robustness. Experimental results show that the average certified radius of the proposed method on three data sets is 4.37 times, 2.67 times and 2.72 times that of the comparison method. The method can provide a certified radius closer to the actual robust boundary and has strong practical value in evaluating model robustness.

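Translated title of the contribution: Certified Robustness of Malware Deep Learning Identification Model Based on Random Smoothing
Original language: Traditional Chinese
Pages (from-to): 197-202
Number of pages: 6
Journal: Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology
Volume: 43
Issue number: 2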
Publication status: Published - Feb 2023

Keywords

  • certified robustness
  • malware
  • random smoothing
