WasmGuard: Enhancing Web Security through Robust Raw-Binary Detection of WebAssembly Malware

WebAssembly (Wasm), a binary instruction format designed for efficient cross-platform execution, has rapidly become a foundational web standard, widely adopted in browsers, client-side, and server-side applications. However, its growing popularity has led to an increase in Wasm-targeted malware, including cryptojackers and obfuscated malicious scripts, which pose significant threats to web security. In spite of progress in deep learning based detection methods for Wasm malware, such as MINOS, these approaches face substantial performance degradation in adversarial environments. In our experiments, MINOS's detection accuracy dropped to 49.90% under adversarial attacks, revealing critical vulnerabilities. To address this, we introduce WasmGuard, a robust malware detection framework tailored for Wasm. WasmGuard employs FGSM-based adversarial training with prior-based initialization for perturbation bytes in customized sections, coupled with a novel adversarial contrastive learning objective. Using our large-scale dataset, WasmMal-15K (publicly available at https://github.com/Yuxia-Sun/WasmMal GitHub), WasmGuard outperforms six competing methods, achieving up to 99.20% Robust Accuracy and 99.93% Standard Accuracy under PGD-50 adversarial attacks, while maintaining low training overhead. Additionally, we have released WebChecker, a WasmGuard-powered browser plugin, providing real-time protection against malicious Wasm files, at https://github.com/Yuxia-Sun/WasmGuard.