Auxiliary-Classifier GAN for Malware Analysis

TL;DR

This paper explores using auxiliary classifier GANs to generate malware images for analysis, finding that while the generated images are similar to real ones, they do not fully mimic deep fake malware images, with classification being challenging.

Contribution

It introduces the application of AC-GANs to generate malware images and evaluates their effectiveness for malware classification tasks.

Findings

AC-GAN can generate malware images resembling real samples.

Classifying real vs. fake malware images is effective.

Generated images do not fully mimic deep fake malware images.

Abstract

Generative adversarial networks (GAN) are a class of powerful machine learning techniques, where both a generative and discriminative model are trained simultaneously. GANs have been used, for example, to successfully generate "deep fake" images. A recent trend in malware research consists of treating executables as images and employing image-based analysis techniques. In this research, we generate fake malware images using auxiliary classifier GANs (AC-GAN), and we consider the effectiveness of various techniques for classifying the resulting images. Our results indicate that the resulting multiclass classification problem is challenging, yet we can obtain strong results when restricting the problem to distinguishing between real and fake samples. While the AC-GAN generated images often appear to be very similar to real malware images, we conclude that from a deep learning perspective, the AC-GAN generated samples do not rise to the level of deep fake malware images.