EGAN: Evolutional GAN for Ransomware Evasion
Daniel Commey, Benjamin Appiah, Bill K. Frimpong, Isaac Osei, Ebenezer N. A. Hammond, Garth V. Crosby

TL;DR
EGAN introduces an evolutionary GAN-based framework that generates adversarial ransomware samples capable of evading both AI-powered and traditional antivirus systems while maintaining their malicious functionality.
Contribution
This work presents a novel attack framework combining Evolution Strategy and GANs to produce functional adversarial ransomware that bypasses multiple antivirus defenses.
Findings
Successfully bypassed most AI-powered antivirus systems on VirusTotal.
Generated adversarial ransomware increased evasion probability against non-AI antivirus solutions.
Demonstrated the effectiveness of EGAN in real-world malware evasion scenarios.
Abstract
Adversarial Training is a proven defense strategy against adversarial malware. However, generating adversarial malware samples for this type of training presents a challenge because the resulting adversarial malware needs to remain evasive and functional. This work proposes an attack framework, EGAN, to address this limitation. EGAN leverages an Evolution Strategy and Generative Adversarial Network to select a sequence of attack actions that can mutate a Ransomware file while preserving its original functionality. We tested this framework on popular AI-powered commercial antivirus systems listed on VirusTotal and demonstrated that our framework is capable of bypassing the majority of these systems. Moreover, we evaluated whether the EGAN attack framework can evade other commercial non-AI antivirus solutions. Our results indicate that the adversarial ransomware generated can increase the…
