Improving Classification of Metamorphic Malware by Augmenting Training Data with a Diverse Set of Evolved Mutant Samples

Abstract: Detecting metamorphic malware provides a challenge to machine-learning models as trained models might not generalise to future mutant variants of the malware. To address this, we explore whether machine-learning models can be improved by augmenting training data-sets with samples of potential variants. These variants are generated using an evolutionary algorithm that evolves a behaviourally diverse set of mutants, optimised to avoid detection by a large set of existing detection-engines. Using features calcula… Show more

“…The various detection approaches depend on the kind of information employed when carrying out the analysis. Several other detection techniques have been suggested that involve the use of ML methods e.g Decision Trees (DT) in [10], Hidden Markov Models (HMM) in [37], Support Vector Machines (SVM) in [36] as well as a hybrid of both feature based and sequential ML models in [9].…”

“…In [7] and [8], two EAs were used to generate training data which are used for the generation of the evolved malware mutants used in this work. These methods led to improved metamorphic malware detection within the context of feature based and sequential classifier [9]. The problem of limited training data was however noted.…”

“…We use evasive and diverse mutant variants of malware previously created in [7] and [8]. The effects of using these samples to improve current ML detection models including both feature based and sequential based models were analysed [9]. In this paper, we study if using these mutants in a model that employs transfer learning from NLP can improve their classification accuracy.…”

Evolutionary Based Transfer Learning Approach to Improving Classification of Metamorphic Malware

“…The various detection approaches depend on the kind of information employed when carrying out the analysis. Several other detection techniques have been suggested that involve the use of ML methods e.g Decision Trees (DT) in [10], Hidden Markov Models (HMM) in [37], Support Vector Machines (SVM) in [36] as well as a hybrid of both feature based and sequential ML models in [9].…”

“…In [7] and [8], two EAs were used to generate training data which are used for the generation of the evolved malware mutants used in this work. These methods led to improved metamorphic malware detection within the context of feature based and sequential classifier [9]. The problem of limited training data was however noted.…”

“…We use evasive and diverse mutant variants of malware previously created in [7] and [8]. The effects of using these samples to improve current ML detection models including both feature based and sequential based models were analysed [9]. In this paper, we study if using these mutants in a model that employs transfer learning from NLP can improve their classification accuracy.…”

Evolutionary Based Transfer Learning Approach to Improving Classification of Metamorphic Malware

Metamorphic and polymorphic malware detection and classification using dynamic analysis of API calls

An Evolutionary based Generative Adversarial Network Inspired Approach to Defeating Metamorphic Malware