This paper attempts to employ Evolutionary Algorithm(EA) techniques to evolve variants of a computer virus(Timid) that successfully evades popular antivirus scanners. Generating authentic variants of a specific malware results in a valid database of malware variants, which is sought by anti-malware scanners, so as to identify the variants before they are released by malware developers. This preliminary investigation applies EAs to mutate the Timid virus with a simple code evasion strategy, i.e., insertion and deletion(if available) of a specific assembly code instruction directly into the virus source code. Starting with a database of over 60 popular antivirus scanners, this EA based approach for malware variant generation successfully evolves Timid variants that evade more than 97% of the antivirus scanners. The results from these preliminary investigations demonstrate the potential for EA based malware generation and also opens up avenues for further analysis.
Al-SheshtawiK.A., Abdul-KaderH. and IsmailN.A., Artificial immune clonal selection classification algorithms for classifying malware and benign processes using api call sequences, International Journal of Computer Science and Network Security10(4) (2010), 31–39.
2.
AydoganE. and SenS., Automatic generation of mobile malwares using genetic programming. In European conference on the applications of evolutionary computation, (2015), pp. 745–756. Springer.
3.
BlountJ.J., TauritzD.R. and MulderS.A., Adaptive rulebased malware detection employing learning classifier systems: a proof of concept. In 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops (2011), pp. 110–115. IEEE.
4.
CaniA., GaudesiM., SanchezE., SquilleroG. and TondaA., Towards automated malware creation: code generation and code integration. In Proceedings of the 29th Annual ACM Symposium on Applied Computing, (2014), pp. 157–160. ACM, 2014.
5.
CavallaroL., SaxenaP. and SekarR., Anti-taint-analysis: Practical evasion techniques against information flow based malware defense. Secure Systems Lab at Stony Brook University, Tech Rep (2007), pp. 1–18.
6.
DahlG.E., StokesJ.W., DengL. and YuD., Largescale malware classification using random projections and neural networks. In 2013 IEEE International Conference on Acoustics, Speech and Signal Processing (2013), pp. 3422–3426. IEEE.
7.
DemertzisK. and IliadisL., Evolving computational intelligence system for malware detection. In International Conference on Advanced Information Systems Engineering, (2014), pp. 322–334. Springer.
8.
FossiM., EganG., HaleyK., JohnsonE., MackT., AdamsT., BlackbirdJ., LowM.K., MazurekD., McKinneyD., et al., Symantec internet security threat report trends for 2010. Volume XVI, 2011.
9.
A.-T. Institute, Malware statistics & trends report: Av-test, Apr 2019.
10.
IslamR., TianR., BattenL.M. and VersteegS., Classification of malware based on integrated static and dynamic features, Journal of Network and Computer Applications36(2) (2013), 646–656.
11.
KinableJ. and KostakisO., Malware classification based on call graph clustering, Journal in Computer Virology7(4) (2011), 233–245.
12.
LudwigM.A., The Little Black Book of Computer Viruses. Amer Eagle Pubns Inc, 1991.
13.
R. M and P.K. Analyzing the makier virus, International Journal of Computer Science Issues (IJCSI)10(2 Part 1) (2013), 530.
14.
MalanovA.V. and KamlyukV.A., Rapid heuristic method and system for recognition of similarity between malware variants, Aug. 21 2012. US Patent 8,250,655.
15.
MarpaungJ.A., SainM. and LeeH.-J., Survey on malware evasion techniques: State of the art and challenges. In 2012 14th International Conference on Advanced Communication Technology (ICACT) (2012), pp. 744–749. IEEE.
16.
MartínA., Fuentes-HurtadoF., NaranjoV. and CamachoD., Evolving deep neural networks architectures for android malware classification. In 2017 IEEE Congress on Evolutionary Computation (CEC), (2017), pp. 1659–1666. IEEE.
17.
MartinA., MenéndezH.D. and CamachoD., Genetic boosting classification for malware detection. In 2016 IEEE Congress on Evolutionary Computation (CEC) (2016), pp. 1030–1037. IEEE.
18.
MartínA., MenéndezH.D. and CamachoD., Mocdroid: multi-objective evolutionary classifier for android malware detection, Soft Computing21(24) (2017), 7405–7415.
19.
MengG., XueY., MahinthanC., NarayananA., LiuY., ZhangJ. and ChenT., Mystique: Evolving android malware for auditing anti-malware tools. In Proceedings of the 11th ACM on Asia conference on computer and communications security, (2016), pp. 365–376. ACM.
20.
NoreenS., MurtazaS., ShafiqM.Z. and FarooqM., Evolvablemalware. In Proceedings of the 11th Annual conference on Genetic and evolutionary computation, (2009), pp. 1569–1576. ACM, 2009.
21.
NoreenS., MurtazaS., ShafiqM.Z. and FarooqM., Using formal grammar and genetic operators to evolve malware. In RAID (2009), pp. 374–375.
22.
PascanuR., StokesJ.W., SanossianH., MarinescuM. and Thomas.A., Malware classification with recurrent networks. In 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), (2015), pp. 1916–1920. IEEE.
23.
PaulT.G. and KumarT.G., A framework for dynamic malware analysis based on behavior artifacts. In Proceedings of the 5th International Conference on Frontiers in Intelligent Computing: Theory and Applications (2017), pp. 551–559. Springer.
24.
RafiqueM.Z., ChenP., HuygensC. and JoosenW., Evolutionary algorithms for classification of malware families through different network behaviors. In Proceedings of the 2014 Annual Conference on Genetic and Evolutionary Computation, (2014), pp. 1167–1174. ACM.
25.
SecurityMagazine. “cyber attacks cost $45 billion in 2018.”, July 2019.
26.
ShafiqM.Z., TabishS.M. and FarooqM., On the appropriateness of evolutionary rule learning algorithms for malware detection. In Proceedings of the 11th Annual Conference Companion on Genetic and Evolutionary Computation Conference: Late Breaking Papers (2009), pp. 2609–2616. ACM.
27.
SquilleroG., Microgp—an evolutionary assembly program generator, Genetic Programming and Evolvable Machines6(3) (2005), 247–263.
28.
WilliamsH.C., CarterJ.N., CampbellW.L., RoyK. and DozierG.V., Genetic & evolutionary feature selection for author identification of html associated with malware, International Journal of Machine Learning and Computing4(3) (2014), 250.
