Abstract
Due to the popularity of malware used during attacks, malware authors constantly
create new ways of obfuscating said malware in order to bypass antivirus solutions. Since
nowadays antivirus solutions do not rely solely on signatures but use machine learning
classifiers to detect malware, this opens a new way of creating evasive malware by creating
adversarial examples. This thesis searches for an efficient way to create adversarial examples
of malware that are able to evade static detection of commercial antivirus machines
without breaking the functionality of the malware. For this purpose a threat model
was designed in which an attacker wants to evade an antivirus solution without any
knowledge about its model. The black-box classifier can be queried by the attacker with
a sample for which a binary feedback will be provided that indicates whether the sample
was classified as malicious or benign. Based on this information the attacker wants to
create adversarial examples with a high chance of evasion in as little time as possible.
To do so, several existing approaches were analyzed and evaluated, from which the most
promising one was selected for further improvement. The Multi-Armed Bandit approach
by Song et al. [58] was able to distinguish itself due to its beneficial properties regarding
search space complexity, functionality preservation and resistance to noise. A hybrid scan
mode was proposed to increase the performance of the existing approach by substituting
the antivirus machine in selected cases with a locally run machine learning classifier.
Results showed that the modified approach was able to create adversarial examples of
malware with a significant performance increase without compromising the evasion rate
of the original approach. In addition to the proposed attack, several defense measures
to prevent evasion attacks through adversarial malware in general as well as defense
measures specifically designed to prevent attacks using the proposed approach have been
described. In this thesis it was shown that attacks against the machine learning classifier
of antivirus solutions are possible and can be used to create adversarial examples of
malware that are able to evade static detection.
| Date of Award | 2025 |
|---|---|
| Original language | English |
| Supervisor | Eckehard Hermann (Supervisor) |
Study program
- Secure Information Systems