An IRL-based malware adversarial generation method to evade anti-malware engines

Abstract To reduce the risk posed by malware, researchers have proposed various detection methods, among which machine-learning-based approaches have attracted increasing attention. Malware developers, however, employ a variety of countermeasures to evade detection; for example, they may craft so-called adversarial examples to mislead machine-learning-based detectors. An adversarial example modifies a malware sample so that the resulting variant evades detection while retaining its malicious functionality. In such a complex adversarial environment, only an in-depth analysis of adversarial code can comprehensively improve a detector's capability. In this work, we use improved reinforcement learning to generate adversarial examples. The method takes malicious code samples as input and treats the detection engine together with the feature extractor as the environment; by adjusting the sample in response to each detection result, it outputs malicious samples that evade detection. Compared with existing reinforcement-learning-based methods, our method generates the reward function automatically rather than requiring it to be set manually, which greatly improves the flexibility of the model. We compared the effectiveness of our algorithm against other methods from the literature on a set of portable executable (PE) files. Experimental results show that our algorithm is more flexible and effective.
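The abstract describes the generation loop only at a high level. The minimal Python sketch below (all names, actions, and the toy detector are hypothetical illustrations, not the authors' implementation) shows the general shape of such a setup: the detection engine and feature extractor are wrapped as an RL environment, and the per-step reward comes from a learned reward model, in the spirit of inverse reinforcement learning, rather than a manually specified rule.

```python
# Hypothetical sketch of the adversarial generation loop described in the
# abstract: an agent mutates a PE sample, the environment couples a feature
# extractor with an anti-malware engine, and the reward is produced by a
# learned (IRL-style) reward model instead of a hand-written rule.

import random

# Functionality-preserving mutation operators (illustrative names only).
ACTIONS = ["append_junk_bytes", "add_section", "rename_section", "pack"]

class DetectorEnv:
    """Environment = feature extractor + detection engine."""

    def __init__(self, detector, extract_features, reward_model, max_turns=10):
        self.detector = detector          # PE bytes -> malware probability in [0, 1]
        self.extract = extract_features   # PE bytes -> feature vector
        self.reward_model = reward_model  # learned reward, not manually set
        self.max_turns = max_turns

    def reset(self, pe_bytes):
        self.pe = pe_bytes
        self.turn = 0
        return self.extract(self.pe)

    def step(self, action):
        self.pe = apply_mutation(self.pe, action)  # must preserve functionality
        self.turn += 1
        state = self.extract(self.pe)
        score = self.detector(self.pe)
        # Reward is computed by the learned reward model, conditioned on the
        # current detection result, rather than by a fixed manual threshold.
        reward = self.reward_model(state, action, score)
        done = score < 0.5 or self.turn >= self.max_turns
        return state, reward, done

def apply_mutation(pe_bytes, action):
    # Placeholder: a real implementation would edit the PE file while
    # preserving its malicious behavior (e.g. via a binary-rewriting library).
    return pe_bytes + b"\x00" if action == "append_junk_bytes" else pe_bytes

if __name__ == "__main__":
    # Toy stand-ins so the sketch runs end to end.
    detector = lambda pe: max(0.0, 1.0 - len(pe) / 4096)  # fake engine
    extract = lambda pe: [len(pe)]                        # fake features
    reward_model = lambda s, a, score: 1.0 - score        # stand-in for IRL reward

    env = DetectorEnv(detector, extract, reward_model)
    state, done = env.reset(b"MZ" + b"\x90" * 100), False
    while not done:
        state, reward, done = env.step(random.choice(ACTIONS))
```

In the setting the paper describes, the reward model would presumably be learned from evasive trajectories via inverse reinforcement learning, and the mutation operators would be genuine functionality-preserving PE transformations; both are stubbed here purely for illustration.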
