DOI: 10.1145/3603781.3604217
research-article

Generation of Adversarial Malware Based on Genetic Algorithm and Instruction Replacement

Published: 27 July 2023

Abstract

As attack and defense techniques in cyberspace security develop, machine-learning-based malware detection models also face the threat of adversarial examples. An important way to defend against such threats is to generate effective adversarial examples and then use them for adversarial training of the model. For end-to-end PE malware detection models, most existing adversarial-example generation techniques insert dead code, but dead code is easily filtered out by preprocessing. A novel adversarial-example generation approach for PE malware, called AGA, is proposed based on a genetic algorithm and equivalent-instruction replacement. Experimental studies show that AGA outperforms the existing generation approach based on a particle-swarm-optimization algorithm in terms of attack effectiveness and attack-generation efficiency.

      Published In

      CNIOT '23: Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things
      May 2023
      1025 pages
      ISBN:9798400700705
      DOI:10.1145/3603781

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Adversarial Example
      2. Assembly Instruction Replacement
      3. Genetic Algorithm
      4. PE Malware

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Funding Sources

      • the Guangdong Basic and Applied Basic Research Foundation under Grant 2021A1515012297, Guangdong Key Laboratory of Data Security and Privacy Preserving (Grant No. 2017B030301004), and the Open Project of Guangdong Provincial Key Laboratory of High-Performance Computing (2021).

      Conference

      CNIOT'23

      Acceptance Rates

      Overall Acceptance Rate 39 of 82 submissions, 48%
