What is it about?

This paper proposes and demonstrates a generic, assembly-source-code-based framework and algorithm (Malware Antigen Generating Evolutionary Algorithm, MAGE) that lets any evolutionary algorithm generate diverse, potentially viable variants of an input malware sample that retain its maliciousness yet are capable of evading antivirus scanners. The results demonstrate the effectiveness of the framework in generating diverse variants, and the generated variants have been shown to evade over 98% of popular antivirus scanners. The malware variants evolved by the framework can serve as antigens that help malware analysis engines improve their detection algorithms.


Why is it important?

It is well known that anti-malware scanners depend on malware signatures to identify malware, and that even minor modifications to the code structure of a malware sample result in a change in its signature, enabling the variant to evade detection by antivirus scanners. Most of these scanners depend on AI models to generate the signatures, but the AI models themselves depend on datasets to learn from. Therefore, there is a need for a proactively generated dataset of malware variants to help automated antivirus scanners detect such diverse variants.

Perspectives

The computer virus itself is named after its biological counterpart and it is extremely satisfying to use biological vaccination strategies as the inspiration to solve one of the cyber security problems that affect almost every computing device user.

Ritwik Murali

Read the Original

This page is a summary of: Adapting novelty towards generating antigens for antivirus systems, July 2022, ACM (Association for Computing Machinery),
DOI: 10.1145/3512290.3528693.