Beyond the Wrapper: Identifying Artifact Reliance in Static Malware Classifiers using TRUSTEE

ArXi:2605.07034v1 Announce Type: cross Modern cybersecurity relies heavily on static machine-learning-based malware classifiers. However, transformations such as packing and other non-semantic modifications applied to executable files limit their reliability. Malware classifiers often learn these unnecessary artifacts rather than the true binary behavior because of the high association between maliciousness and packing. Moreover, these malware classifiers are black boxes, making it difficult to understand what they learn.