FUMVar

“…However, most existing techniques do not ensure that the generated variants' behaviors are identical to the original malware sample's behaviors. Jin et al [11] proposed the framework called FUMVar using a genetic algorithm (GA) with a fitness score function that uses a publicly available malware detection system named VirusTotal 1 to generate more evasive malware variants against commercial malware detectors. In contrast to previous works, the generated malware variants' functional behaviors are kept identical to the original malware's, achieved by analyzing them with the Cuckoo sandbox as ensured by FUMVar.…”

“…In this paper, we extend and improve FUMVar [11] into a more effective and practical one dubbed FUMVar-Ex with (1) new perturbations reflecting the techniques used to generate real-world malware samples (2) a new malware behavior validation method using aggregated evaluation that improves the validation of generated malware variants' functionality and their equivalence to the original malware samples, and (3) more comprehensive experiments and improved results using FUMVar-Ex compared with FUMVar and other stateof-the-art techniques. For the first extension, we introduce new perturbation techniques modifying portable executable (PE) sections directly, whereas, in FUMVar, we only implemented the perturbation methods that only modified a few bytes of the header field, which did not reflect more complex malware perturbation methods used in practice.…”

“…The effectiveness of FUMVar-Ex has been compared to four state-of-the-art malware variant generation frameworks: FUMVar [11], AIMED [8], RL [6], and MAB-MALWARE [13]. The experimental results demonstrate that FUMVar-Ex outperforms the other frameworks, achieving a remarkable improvement in evasiveness of up to 19% compared to the second most effective framework, FUMVar [11].…”

“…The effectiveness of FUMVar-Ex has been compared to four state-of-the-art malware variant generation frameworks: FUMVar [11], AIMED [8], RL [6], and MAB-MALWARE [13]. The experimental results demonstrate that FUMVar-Ex outperforms the other frameworks, achieving a remarkable improvement in evasiveness of up to 19% compared to the second most effective framework, FUMVar [11]. Further, the detection rates against commercial anti-malware products (e.g., BitDefender, AVG, Kaspersky, and Avast) were evaluated using the malware variants generated by FUMVar-Ex, demonstrating that the detection rates for the variants significantly decreased by up to 86% compared with their original samples.…”

“…• We present a framework dubbed FUMVar-Ex, a significant extension from the FUMVar framework [11], that efficiently generates fully working malware variants with improved evasion techniques to bypass malware detectors. The link to our source code can be found from https: //github.com/FUMVar/FUMVar-Ex; • We introduce new and complex perturbation methods, which mimic more practical perturbations used in realworld that improves the evasiveness of malware variants significantly;…”

On the Effectiveness of Perturbations in Generating Evasive Malware Variants

“…However, most existing techniques do not ensure that the generated variants' behaviors are identical to the original malware sample's behaviors. Jin et al [11] proposed the framework called FUMVar using a genetic algorithm (GA) with a fitness score function that uses a publicly available malware detection system named VirusTotal 1 to generate more evasive malware variants against commercial malware detectors. In contrast to previous works, the generated malware variants' functional behaviors are kept identical to the original malware's, achieved by analyzing them with the Cuckoo sandbox as ensured by FUMVar.…”

“…In this paper, we extend and improve FUMVar [11] into a more effective and practical one dubbed FUMVar-Ex with (1) new perturbations reflecting the techniques used to generate real-world malware samples (2) a new malware behavior validation method using aggregated evaluation that improves the validation of generated malware variants' functionality and their equivalence to the original malware samples, and (3) more comprehensive experiments and improved results using FUMVar-Ex compared with FUMVar and other stateof-the-art techniques. For the first extension, we introduce new perturbation techniques modifying portable executable (PE) sections directly, whereas, in FUMVar, we only implemented the perturbation methods that only modified a few bytes of the header field, which did not reflect more complex malware perturbation methods used in practice.…”

“…The effectiveness of FUMVar-Ex has been compared to four state-of-the-art malware variant generation frameworks: FUMVar [11], AIMED [8], RL [6], and MAB-MALWARE [13]. The experimental results demonstrate that FUMVar-Ex outperforms the other frameworks, achieving a remarkable improvement in evasiveness of up to 19% compared to the second most effective framework, FUMVar [11].…”

“…The effectiveness of FUMVar-Ex has been compared to four state-of-the-art malware variant generation frameworks: FUMVar [11], AIMED [8], RL [6], and MAB-MALWARE [13]. The experimental results demonstrate that FUMVar-Ex outperforms the other frameworks, achieving a remarkable improvement in evasiveness of up to 19% compared to the second most effective framework, FUMVar [11]. Further, the detection rates against commercial anti-malware products (e.g., BitDefender, AVG, Kaspersky, and Avast) were evaluated using the malware variants generated by FUMVar-Ex, demonstrating that the detection rates for the variants significantly decreased by up to 86% compared with their original samples.…”

“…• We present a framework dubbed FUMVar-Ex, a significant extension from the FUMVar framework [11], that efficiently generates fully working malware variants with improved evasion techniques to bypass malware detectors. The link to our source code can be found from https: //github.com/FUMVar/FUMVar-Ex; • We introduce new and complex perturbation methods, which mimic more practical perturbations used in realworld that improves the evasiveness of malware variants significantly;…”

On the Effectiveness of Perturbations in Generating Evasive Malware Variants

Peeler: Profiling Kernel-Level Events to Detect Ransomware

Game-theoretic approach to epidemic modeling of countermeasures against future malware evolution