Static malware detectors are vulnerable to metamorphic attacks and lack provable robustness guarantees. This work proposes the first certifiably robust framework tailored for static malware detection. By generating sample variants through feature ablation and targeted noise injection, the method constructs a smoothed classifier via randomized smoothing combined with majority voting. Leveraging Wilson confidence intervals, it derives formal robustness certificates against perturbations in the feature space. Notably, the approach requires no modification to the underlying detector and, while maintaining high detection performance, provides the first certified evasion resistance for static malware analysis.

Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted noise injection. During evaluation, our system analyzes an executable by generating multiple ablated variants, classifies them by using a smoothed classifier, and identifies the final label based on the majority vote. By analyzing the top-class voting distribution and the Wilson score interval, we derive a formal certificate that guarantees robustness within a specific radius against feature-space perturbations. We evaluate our approach by comparing the performance of the base classifier and the smoothed classifier on both clean executables and ablated variants generated using PyMetaEngine. Our results demonstrate that the proposed smoothed classifier successfully provides certifiable robustness against metamorphic evasion attacks without requiring modifications to the underlying machine learning architecture.