Combining Generators of Adversarial Malware Examples to Increase Evasion Rate
Matouš Kozák, Martin Jureček
2023
Abstract
Antivirus developers are increasingly embracing machine learning as a key component of malware defense. While machine learning achieves cutting-edge outcomes in many fields, it also has weaknesses that are exploited by several adversarial attack techniques. Many authors have presented both white-box and black-box generators of adversarial malware examples capable of bypassing malware detectors with varying success. We propose to combine contemporary generators in order to increase their potential. Combining different generators can create more sophisticated adversarial examples that are more likely to evade anti-malware tools. We demonstrated this technique on five well-known generators and recorded promising results. The best-performing combination of AMG-random and MAB-Malware generators achieved an average evasion rate of 15.9% against top-tier antivirus products. This represents an average improvement of more than 36% and 627% over using only the AMG-random and MAB-Malware generators, respectively. The generator that benefited the most from having another generator follow its procedure was the FGSM injection attack, which improved the evasion rate on average between 91.97% and 1,304.73%, depending on the second generator used. These results demonstrate that combining different generators can significantly improve their effectiveness against leading antivirus programs.
DownloadPaper Citation
in Harvard Style
Kozák M. and Jureček M. (2023). Combining Generators of Adversarial Malware Examples to Increase Evasion Rate. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 778-786. DOI: 10.5220/0012127700003555
in Bibtex Style
@conference{secrypt23,
author={Matouš Kozák and Martin Jureček},
title={Combining Generators of Adversarial Malware Examples to Increase Evasion Rate},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={778-786},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012127700003555},
isbn={978-989-758-666-8},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Combining Generators of Adversarial Malware Examples to Increase Evasion Rate
SN - 978-989-758-666-8
AU - Kozák M.
AU - Jureček M.
PY - 2023
SP - 778
EP - 786
DO - 10.5220/0012127700003555
PB - SciTePress