ADVERSARIALuscator: An Adversarial-DRL based Obfuscator and Metamorphic Malware Swarm Generator

  title={ADVERSARIALuscator: An Adversarial-DRL based Obfuscator and Metamorphic Malware Swarm Generator},
  author={Mohit Sewak and Sanjay Kumar Sahay and Hemant Rathore},
  journal={2021 International Joint Conference on Neural Networks (IJCNN)},
Advanced metamorphic malware and ransomware, by using obfuscation, could alter their internal structure with every attack. If such malware could intrude even into any of the IoT network, then even if the original malware instance get detected, by that time it can still infect the entire network. The IoT era also required Industry 4.0 grade AI based defense against such advanced malware. But AI algorithm need a lot of training data, and it is challenging to obtain training data for such evasive… Expand

Figures from this paper


DOOM: a novel adversarial-DRL-based op-code level metamorphic malware obfuscator for the enhancement of IDS
DOOM (Adversarial-DRL based Opcode level Obfuscator to generate Metamorphic malware), a novel system that uses adversarial deep reinforcement learning to obfuscate malware at the op-code level for the enhancement of IDS, is developed. Expand
Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables
This work proposes a gradient-based attack that is capable of evading a recently-proposed deep network suited to this purpose by only changing few specific bytes at the end of each mal ware sample, while preserving its intrusive functionality. Expand
Evading Machine Learning Botnet Detection Models via Deep Reinforcement Learning
A more general framework based on deep reinforcement learning (DRL) is proposed, which effectively generates adversarial traffic flows to deceive the detection model by automatically adding perturbations to samples. Expand
Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning
This work proposes a more general framework based on reinforcement learning (RL) for attacking static portable executable (PE) anti-malware engines and shows in experiments that this method can attack a gradient-boosted machine learning model with evasion rates that are substantial and appear to be strongly dependent on the dataset. Expand
Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN
The superiority of MalGAN over traditional gradient based adversarial example generation algorithms is that MalGAN is able to decrease the detection rate to nearly zero and make the retraining based defensive method against adversarial examples hard to work. Expand
Robust Android Malware Detection System against Adversarial Attacks using Q-Learning
This paper created new variants of malware using Reinforcement Learning, which will be misclassified as benign by the existing Android malware detection models and proposes two novel attack strategies, namely single policy attack and multiple policy attack using reinforcement learning for white-box and grey-box scenario respectively. Expand
IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection
A framework of the generative adversarial networks, IDSGAN, is proposed to generate the adversarial attacks, which can deceive and evade the intrusion detection system. Expand
Different Obfuscation Techniques for Code Protection
This paper presents some of the obfuscation methods, which can help to protect the sensitive code fragments of any software, without alteration of inherent functionalities of the software. Expand
Generative Adversarial Networks For Launching and Thwarting Adversarial Attacks on Network Intrusion Detection Systems
An adversarial ML attack using generative adversarial networks (GANs) that can successfully evade an ML-based IDS is proposed and it is shown that GANs can be used to inoculate the IDS and make it more robust to adversarial perturbations. Expand
Towards Generic Deobfuscation of Windows API Calls
This paper introduces a static analysis technique allowing generic deobfuscation of Windows API calls, and utilizes symbolic execution and hidden Markov models to predict API names from the arguments passed to the API functions. Expand