Detecting new malware using machine learning has been increasingly used lately, yet recent research has proven that deep neural networks report unexpected behavior when confronted with adversarial examples. Implementing Generative Adversarial Network (GAN) has proved to be a powerful technique in the image processing domain and it can be similarly extended to further domains such as malware evasion. While the concept is fairly straight forward for image processing, manipulating portable executable (PE) files can be challenging given its binary nature and the fact that perturbations can render the file corrupt. Hence, most of research proposed in the literature work with limited malware representations and dismissed the actual files. Our hypothesis is that generating valid PE files can be more effective for adversarial learning and the use of machine learning for malware classification. Therefore, we designed an approach using GAN to generate malware adversarial examples by injecting byte-level perturbations, which are able to bypass state-of-the-art classifiers.
Recommended citation: R. Labaca-Castro, C. Schmitt, G. Dreo Rodosek: Training GANs to Generate Adversarial Examples Against Malware Classification. 40th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 20, 2019.