ABSTRACT
We designed and developed DOOM (Adversarial-DRL based Opcode level Obfuscator to generate Metamorphic malware), a novel system that uses adversarial deep reinforcement learning to obfuscate malware at the op-code level in order to enhance intrusion detection systems (IDS). The ultimate goal of DOOM is not to put a potent weapon in the hands of cyber-attackers, but to create defensive mechanisms against advanced zero-day attacks. Experimental results indicate that the obfuscated malware created by DOOM could effectively mimic multiple simultaneous zero-day attacks. To the best of our knowledge, DOOM is the first system that can generate obfuscated malware at the granularity of individual op-codes. DOOM is also the first system to use efficient continuous-action-control deep reinforcement learning in the area of malware generation and defense. Experimental results indicate that over 67% of the metamorphic malware generated by DOOM could easily evade detection by even the most potent IDS. This result gains significance because it means that even an IDS augmented with an advanced routing sub-system can be easily evaded by the malware generated by DOOM.