Multimodal Deep Learning Feedback for Generating Evasive Malware Samples Against Malware Detector

Abstract

As data driven-based Windows malware detectors become increasingly prevalent, the need for robust evaluation and enhancement of adversarial malware generation techniques also becomes imperative, as malicious actors will adapt and enhance their malware to evade detection. There are numerous works that introduce new techniques or enhancements for adversarial malware. One of these approaches is to leverage an iterative process, dynamically modifying adversarial malware with populations of injections based on feedback from a machine learning-based detector, aiming to enhance evasion capabilities through successive iterations. It is obvious that the effectiveness of a robust adversarial malware is influenced not only by the quality of the manipulation payload injected into the malware, but also by the capabilities and strength of the detector that interacts with the manipulated malware. In this paper, we introduce a multimodal approach to generate adversarial malware with robustness specifically fortified through the feedback of a deep learning (DL) detector with multiple modalities in the progress of adversaries generation. We evaluate the effectiveness of our approach in comparison to the implementation of conventional unimodal detectors such as MalConv in previous works with our proper adaptation in manipulation technique. We also consider the malware detection performance of the common antivirus platform VirusTotal with adversarial samples, and notably that the robust adversarial malware were able to evade up to average 3 detection programs more than the initial malware does.