Research Output
An Evolutionary based Generative Adversarial Network Inspired Approach to Defeating Metamorphic Malware
Defeating dangerous families of malware, such as polymorphic and metamorphic malware, has become well studied due to their increased attacks on computer systems and networks. Traditional Machine Learning (ML) models have been used to detect this malware; however, they are often not resistant to future attacks. In this paper, an Evolutionary based Generative Adversarial Network (GAN) inspired approach is proposed as a step towards defeating metamorphic malware. This method uses an Evolutionary Algorithm as a generator to create malware samples that are designed to fool a detector, a deep learning model, into classifying them as benign. We employ a personal information stealing malware family (Dougalek) as a testbed, selected based on its malicious payload, and evaluate the generated samples based on their adversarial accuracy, measured by the number of Antivirus (AV) engines they are able to fool and their ability to fool a set of ML detectors (k-Nearest Neighbors algorithm, Support Vector Machine, Decision Trees, and Multi-Layer Perceptron). The results show that the adversarial samples are on average able to fool 63% of the AV engines, and the ML detectors are susceptible to the new mutants, achieving an accuracy between 60%-77%.

Citation

Babaagba, K. O., & Wylie, J. (2023). An Evolutionary based Generative Adversarial Network Inspired Approach to Defeating Metamorphic Malware. In GECCO '23 Companion: Proceedings of the Companion Conference on Genetic and Evolutionary Computation (1753-1759). https://doi.org/10.1145/3583133.3596362

Keywords

Metamorphic Malware, Evolutionary Algorithm, Generative Adversarial Network
