DOI: 10.1145/3583133.3596362
research-article
Open access

An Evolutionary based Generative Adversarial Network Inspired Approach to Defeating Metamorphic Malware

Published: 24 July 2023

Abstract

Defeating dangerous families of malware, such as polymorphic and metamorphic malware, has become well studied due to their increased attacks on computer systems and networks. Traditional Machine Learning (ML) models have been used to detect this malware; however, they are often not resistant to future attacks. In this paper, an Evolutionary based Generative Adversarial Network (GAN) inspired approach is proposed as a step towards defeating metamorphic malware. This method uses an Evolutionary Algorithm as a generator to create malware samples designed to fool a detector, a deep learning model, into classifying them as benign. We employ a personal information stealing malware family (Dougalek) as a testbed, selected based on its malicious payload, and evaluate the generated samples on their adversarial accuracy, measured by the number of Antivirus (AV) engines they are able to fool and by their ability to fool a set of ML detectors (k-Nearest Neighbors algorithm, Support Vector Machine, Decision Trees, and Multi-Layer Perceptron). The results show that the adversarial samples are on average able to fool 63% of the AV engines and that the ML detectors are susceptible to the new mutants, achieving an accuracy between 60%-77%.

Cited By

  • (2024) Exploring the use of fitness landscape analysis for understanding malware evolution. Proceedings of the Genetic and Evolutionary Computation Conference Companion, 77-78. DOI: 10.1145/3638530.3664094. Online publication date: 14-Jul-2024

Published In

GECCO '23 Companion: Proceedings of the Companion Conference on Genetic and Evolutionary Computation
July 2023
2519 pages
ISBN: 9798400701207
DOI: 10.1145/3583133
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. metamorphic malware
  2. evolutionary algorithm
  3. generative adversarial network

Qualifiers

  • Research-article

Conference

GECCO '23 Companion

Acceptance Rates

Overall Acceptance Rate 1,669 of 4,410 submissions, 38%
