Towards automated malware creation: code generation and code integration

  title={Towards automated malware creation: code generation and code integration},
  author={Andrea Cani and Marco Gaudesi and Ernesto S{\'a}nchez and Giovanni Squillero and Alberto Paolo Tonda},
  journal={Proceedings of the 29th Annual ACM Symposium on Applied Computing},
  • Andrea Cani, M. Gaudesi, A. Tonda
  • Published 24 March 2014
  • Computer Science
  • Proceedings of the 29th Annual ACM Symposium on Applied Computing
This short paper proposes two different ways for exploiting an evolutionary algorithm to devise malware: the former targeting heuristic-based anti-virus scanner; the latter optimizing a Trojan attack. An extended internal on the same the subject can be downloaded from 

Figures and Tables from this paper

Polymorphic Malware Detection
Researchers examined how to detect polymorphic malware from the list of samples file based on dropped files and found it to be easy to detect.
Auditing Anti-Malware Tools by Evolving Android Malware and Dynamic Loading Technique
Experimental results on real-world devices show that existing AMTs are incapable of detecting most of the generated malware, and the approach, named Mystique-S, is implemented, as a service-oriented malware generation system.
Challenging Anti-virus Through Evolutionary Malware Obfuscation
A novel method for malware obfuscation based an evolutionary opcode generator and a special ad-hoc packer is described that can be used by the security industry to test the ability of their system to react to malware mutations.
Generating behavior-based malware detection models with genetic programming
It is shown that FrankenMods are substantially more robust and effective than a state-of-the-art graph metric-based detection approach.
Mystique: Evolving Android Malware for Auditing Anti-Malware Tools
This paper proposes a meta model for Android malware to capture the common attack features and evasion features in the malware, and develops a framework, MYSTIQUE, to automatically generate malware covering four attack Features and two evasion features, by adopting the software product line engineering approach.
A Novel Method for Detecting Future Generations of Targeted and Metamorphic Malware Based on Genetic Algorithm
A novel solution for detecting rare and mutating malware programs and provides a strategy to address the scarcity of datasets for modeling these types of malware by genetic algorithms and an optimization strategy that selectively creates generations of mutated elite malware samples.
Multinomial malware classification based on call graphs
This thesis utilizes expert knowledge to derive expert graphs describing a malware family, and the graph is used to match unknown samples to search for likeness, addressing one such approach where different malware families are executed.
FUMVar: a practical framework for generating Fully-working and Unseen Malware Variants
An evolutionary-based framework named FUMVar to generate Fully-working and Unseen Malware Variants is proposed and applied on portable executable (PE) files that have been used extensively to infect Windows operating systems to improve the detection techniques.
A Conceptual Direction on Automatically Evolving Computer Malware using Genetic and Evolutionary Algorithms
  • R. Murali, C. Velayutham
  • Computer Science
    2020 International Conference on Inventive Computation Technologies (ICICT)
  • 2020
It is shown that computer malware is a perfect example of an artificial ecosystem with a co-evolutionary predator-prey framework and an attempt is made to merge the two domains of biologically inspired computing and computer malware.
Effectiveness of Android Obfuscation on Evading Anti-malware
This work verified the trend of transformed malware in evading detection, with a larger and more updated database of known malware, and proved that current mainstream AMTs do not build up resilience against obfuscation methods, but instead try to update the signature database on created variants.


Malware Obfuscation Techniques: A Brief Survey
  • I. You, Kangbin Yim
  • Computer Science
    2010 International Conference on Broadband, Wireless Computing, Communication and Applications
  • 2010
The malware obfuscation techniques are explored while reviewing the encrypted, oligomorphic, polymorphic and metamorphic malwares which are able to avoid detection.
Darwin inside the machines: Malware evolution and the consequences for computer security
In this paper, theoretical proof behind malware implementation that closely models Darwinian evolution is provided and it is predicted that behaviour-based virus detection would quickly become ineffective if malware can evolve based on the Darwinian paradigm.
Evolvable malware
This paper validate the notion of evolution in viruses on a well-known virus family, called Bagle, and proposes an evolutionary framework that consists of a code analyzer that generates a high-level genotype representation of a virus from its machine code, and a genetic algorithm that uses the standard selection, cross-over and mutation operators to evolve viruses.
Camouflage in Malware: from Encryption to Metamorphism
The concept of camouflage in malware and its evolution from non-stealth days to modern metamorphism is reviewed and obfuscation techniques exploited by meetamorphism, the most recent method in malware camouflage are explored.
Computer viruses: Theory and experiments
  • F. Cohen
  • Computer Science
    Comput. Secur.
  • 1987
The evolution of viruses and worms
Computer viruses and network worms have evolved through a continuous series of innovations, leading to the recent wave of fast-spreading and dangerous worms, and more dangerous payloads are becoming commonplace.
MicroGP—An Evolutionary Assembly Program Generator
This paper describes μGP, an evolutionary approach for generating assembly programs tuned for a specific microprocessor. The approach is based on three clearly separated blocks: an evolutionary core,
The Giant Black Book Of Computer Viruses
Test equipment for logic circuit in disclosed which includes attachment. The attachment comprises signal level detector, oscillators operated in accordance with the signal level and acoustic
Zero Day Exploits
  • Dirk Fox
  • Computer Science
    Datenschutz und Datensicherheit - DuD
  • 2009
Da Angreifersoftware heute in zunehmendem Umfang in Gestalt of Open Source Projekten weiterentwickelt wird, stellt die Veröffentlichung of Exploits eine wachsende Gefahr dar.
Computer Viruses as Artificial Life
This paper examines how viruses meet properties associated with life as defined by some researchers in the area of artificial life and self-organizing systems, and begins with a description of how computer viruses operate and their history.