A Method of Mutating Windows Malwares using Reinforcement Learning with Functionality Preservation

9:46 16/10/2022

Recently, the growth in both the quantity and the complexity of malware has raised the need for powerful malware detection solutions. The outstanding capabilities of machine learning (ML) and deep learning (DL) techniques have been leveraged in the fight against malware. However, they have been shown to be vulnerable to adversarial attacks, in which deliberate modifications to a malware sample can flip the detection result and thus evade the detector. This research area is the focus of many publications because of its significance for evaluating the robustness of malware detection approaches. In such works, Generative Adversarial Networks (GANs) or Reinforcement Learning (RL) can help malware authors craft metamorphic malware that evades antivirus products. Unfortunately, the functionality of the generated malware is neither considered nor verified during the mutation phase, which can result in evasive but non-functional malware mutants. In this paper, we focus on Windows Portable Executable (PE) malware and propose an RL-based approach for creating malware mutants that fool black-box, static ML/DL-based detectors. Specifically, we introduce a validator to confirm functionality preservation, which is one of our requirements for a successfully created mutant. The experimental results demonstrate the effectiveness of our solution at crafting evasive and executable Windows malware mutants.