A Comparison of Adversarial Learning Techniques for Malware Detection

TL;DR

This paper compares different adversarial machine learning techniques for generating malware samples that can evade detection, highlighting the effectiveness of reinforcement learning methods like Gym-malware.

Contribution

It provides a comprehensive comparison of gradient-based, evolutionary, and reinforcement learning methods for adversarial malware generation, emphasizing the practical potential of Gym-malware.

Findings

Gym-malware achieved an evasion rate of 44.11%

Combining generators increased evasion to 58.35%

Reinforcement learning approach showed the highest practical potential

Abstract

Machine learning has proven to be a useful tool for automated malware detection, but machine learning models have also been shown to be vulnerable to adversarial attacks. This article addresses the problem of generating adversarial malware samples, specifically malicious Windows Portable Executable files. We summarize and compare work that has focused on adversarial machine learning for malware detection. We use gradient-based, evolutionary algorithm-based, and reinforcement-based methods to generate adversarial samples, and then test the generated samples against selected antivirus products. We compare the selected methods in terms of accuracy and practical applicability. The results show that applying optimized modifications to previously detected malware can lead to incorrect classification of the file as benign. It is also known that generated malware samples can be successfully used against detection models other than those used to generate them and that using combinations of generators can create new samples that evade detection. Experiments show that the Gym-malware generator, which uses a reinforcement learning approach, has the greatest practical potential. This generator achieved an average sample generation time of 5.73 seconds and the highest average evasion rate of 44.11%. Using the Gym-malware generator in combination with itself improved the evasion rate to 58.35%.