4.5 Article

Disarming visualization-based approaches in malware detection systems

Journal

COMPUTERS & SECURITY
Volume 126, Issue -, Pages -

Publisher

ELSEVIER ADVANCED TECHNOLOGY
DOI: 10.1016/j.cose.2022.103062

Keywords

Malware classification; Machine learning; Deep learning; GAN

Recently, visualization-based approaches have been used together with signature-based techniques to detect variants of malware files. By modifying some bytes of executable files, attackers can modify the signature and evade signature-based detectors. In this paper, we propose a GAN-based architecture that allows attackers to generate malware variants in which the malware patterns found by visualization-based approaches are hidden, resulting in a new version of the malware that cannot be detected by both signature-based and visualization-based techniques. Experiments on a well-known malware dataset show a 100% success rate in generating new malware variants that are not detected by the state-of-the-art visualization-based technique.
Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some bytes of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected by the state-of-the-art visualization-based technique. © 2022 The Author(s). Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
