The Power of MEME: Adversarial Malware Creation with Model-Based Reinforcement Learning

TL;DR

This paper introduces MEME, a reinforcement learning-based method for generating adversarial malware that effectively evades detection and creates accurate surrogate models, outperforming existing techniques.

Contribution

The work presents a novel model-based reinforcement learning approach for adversarial malware creation and model extraction, enhancing evasion success and surrogate accuracy.

Findings

MEME achieves 32-73% evasion rate against various models.

Surrogate models agree with target models at 97-99%.

MEME outperforms state-of-the-art adversarial malware creation methods.

Abstract

Due to the proliferation of malware, defenders are increasingly turning to automation and machine learning as part of the malware detection tool-chain. However, machine learning models are susceptible to adversarial attacks, requiring the testing of model and product robustness. Meanwhile, attackers also seek to automate malware generation and evasion of antivirus systems, and defenders try to gain insight into their methods. This work proposes a new algorithm that combines Malware Evasion and Model Extraction (MEME) attacks. MEME uses model-based reinforcement learning to adversarially modify Windows executable binary samples while simultaneously training a surrogate model with a high agreement with the target model to evade. To evaluate this method, we compare it with two state-of-the-art attacks in adversarial malware creation, using three well-known published models and one antivirus product as targets. Results show that MEME outperforms the state-of-the-art methods in terms of evasion capabilities in almost all cases, producing evasive malware with an evasion rate in the range of 32-73%. It also produces surrogate models with a prediction label agreement with the respective target models between 97-99%. The surrogate could be used to fine-tune and improve the evasion rate in the future.