Generative Adversarial Networks and Image-Based Malware Classification

TL;DR

This paper explores using GANs for classifying malware images, comparing their performance to other machine learning methods and assessing their potential for adversarial attacks, finding GANs competitive but not easily fooled.

Contribution

It introduces a novel approach of representing malware as images and applying GANs for multiclass classification, comparing with traditional methods and evaluating adversarial attack potential.

Findings

AC-GAN discriminator performs competitively with other ML techniques.

GAN generated images are visually impressive but distinguishable from real malware images.

GAN images are of limited use for effective adversarial attacks.

Abstract

For efficient malware removal, determination of malware threat levels, and damage estimation, malware family classification plays a critical role. In this paper, we extract features from malware executable files and represent them as images using various approaches. We then focus on Generative Adversarial Networks (GAN) for multiclass classification and compare our GAN results to other popular machine learning techniques, including Support Vector Machine (SVM), XGBoost, and Restricted Boltzmann Machines (RBM). We find that the AC-GAN discriminator is generally competitive with other machine learning techniques. We also evaluate the utility of the GAN generative model for adversarial attacks on image-based malware detection. While AC-GAN generated images are visually impressive, we find that they are easily distinguished from real malware images using any of several learning techniques. This result indicates that our GAN generated images would be of little value in adversarial attacks.