Mal-D2GAN: Double-Detector based GAN for Malware Generation

TL;DR

This paper introduces Mal-D2GAN, a novel GAN architecture with double-detectors and a least squares loss to generate more robust adversarial malware examples, improving malware detector resilience.

Contribution

Mal-D2GAN addresses training instability and weak adversarial examples in GANs, enhancing malware generation for robustness testing.

Findings

Mal-D2GAN reduces detection accuracy in 8 malware detectors.

It outperforms MalGAN and Mal-LSGAN in generating effective adversarial malware.

The model was tested on a dataset of 20,000 samples.

Abstract

Machine learning (ML) has been developed to detect malware in recent years. Most researchers focused their efforts on improving the detection performance but ignored the robustness of the ML models. In addition, many machine learning algorithms are very vulnerable to intentional attacks. To solve these problems, adversarial malware examples are generated by GANs to enhance the robustness of the malware detector. However, since current GAN models suffer from limitations such as unstable training and weak adversarial examples, we propose the Mal-D2GAN model to address these problems. Specifically, the Mal-D2GAN architecture was designed with double-detector and a least square loss function and tested on a dataset of 20,000 samples. The results show that the Mal-D2GAN model reduced the detection accuracy (true positive rate) in 8 malware detectors. The performance was then compared with that of the existing MalGAN and Mal- LSGAN models.