AIMED: Evolving Malware with Genetic Programming to Evade Detection

Published in IEEE 18th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2019

Genetic Programming (GP) has previously been shown to achieve valuable results in the fields of image processing and arcade learning. Similarly, it can be used as an adversarial learning approach to evolve malware samples until static learning classifiers are no longer able to detect them. While the implementation is relatively simple compared with other Machine Learning approaches, results proved that GP can be a competitive solution for finding adversarial malware examples compared with similar methods. Thus, AIMED - Automatic Intelligent Malware Modifications to Evade Detection - was designed and implemented using genetic algorithms to evade malware classifiers. Our experiments suggest that the time to achieve adversarial malware samples can be reduced by up to 50% compared to classic random approaches. Moreover, we implemented AIMED to generate adversarial examples using individual malware scanners as targets and tested the evasive files against further classifiers from both research and industry. The generated examples achieved up to 82% of cross-evasion rates among the classifiers.

Recommended citation: R. Labaca-Castro, C. Schmitt, G. Dreo Rodosek: AIMED: Evolving Malware with Genetic Programming to Evade Detection. IEEE 18th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Rotorua, New Zealand, August 6, 2019.