How to confuse antimalware neural networks. Adversarial attacks and protection

Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including models for static and dynamic detection, for processing sandbox logs and system events, etc. We implement different machine learning techniques, including deep neural networks, one of the most promising technologies that make it possible to work with large amounts of data, incorporate different types of features, and boast a high accuracy rate. But can we rely entirely on machine learning approaches in the battle with the bad guys? Or could powerful AI itself be vulnerable? In this article we attempt to attack our product anti-malware neural network models and check existing defense methods. An adversarial attack is a method of making small modifications to the objects in such a way that the machine learning model begins to misclassify them.