Representative literature
N-gram MalGAN: Evading machine learning detection via feature n-gram
Abstract:
In recent years, many adversarial malware examples with different feature strategies, especially GAN and its variants, have been introduced to handle the security threats, e.g., evading the detection of machine learning detectors. However, these solutions still suffer from problems of complicated deployment or long running time. In this paper, we propose an n-gram MalGAN method to solve these problems. We borrow the idea of n-gram from the Natural Language Processing (NLP) area to expand feature sources for adversarial malware examples in MalGAN. Generally, the n-gram MalGAN obtains the feature vector directly from the hexadecimal bytecodes of the executable file. It can be implemented easily and conveniently with a simple program language (e.g., C++), with no need for any prior knowledge of the executable file or any professional feature extraction tools. These features are functionally independent and thus can be added to the non-functional area of the malicious program to maintain its original executability. In this way, the n-gram could make the adversarial attack easier and more convenient. Experimental results show that the evasion rate of the n-gram MalGAN is at least 88.58% to attack different machine learning algorithms under an appropriate group rate, growing to even 100% for the Random Forest algorithm.
Authors:
Enmin Zhu; Jianjie Zhang; Jijie Yan; Kongyang Chen; Chongzhi Gao
Affiliations:
School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou, 510006, China; Institute of Artificial Intelligence and Blockchain, Guangzhou University, Guangzhou, 510006, China; Pazhou Lab, Guangzhou, 510330, China
Citation format:
[1] Enmin Zhu; Jianjie Zhang; Jijie Yan; Kongyang Chen; Chongzhi Gao. N-gram MalGAN: Evading machine learning detection via feature n-gram [J]. Digital Communications and Networks (English), 2022(04): 485-491