Research Output

Automatic Generation of Adversarial Metamorphic Malware Using MAP-Elites

  In the field of metamorphic malware detection, training a detection model with malware samples that reflect potential mutants of the malware is crucial in developing a model resistant to future attacks. In this paper, we use a Multi-dimensional Archive of Phenotypic Elites (MAP-Elites) algorithm to generate a large set of novel, malicious mutants that are diverse with respect to their behavioural and structural similarity to the original mutant. Using two classes of malware as a test-bed, we show that the MAP-Elites algorithm produces a large and diverse set of mutants that evade between 64% and 72% of the 63 detection engines tested. When compared to results obtained using repeated runs of an Evolutionary Algorithm that converges to a single solution, the MAP-Elites approach is shown to produce a significantly more diverse range of solutions, while providing equal or improved results in terms of evasiveness, depending on the dataset in question. In addition, the archive produced by MAP-Elites gives insight into the properties of a sample that lead to it being undetectable by a suite of existing detection engines.

Citation

Babaagba, K. O., Tan, Z., & Hart, E. (2020). Automatic Generation of Adversarial Metamorphic Malware Using MAP-Elites. In Applications of Evolutionary Computation. EvoApplications 2020 (pp. 117-132). https://doi.org/10.1007/978-3-030-43722-0_8

Keywords

Metamorphic Malware; MAP-Elites; Machine-Learning
