Generative Adversarial Networks and Image-Based Malware Classification
This work addresses malware classification for cybersecurity applications, but it is incremental as it applies existing GAN methods to a new domain without major breakthroughs.
The paper tackles malware family classification by converting malware executables to images and applying Generative Adversarial Networks (GANs), specifically AC-GAN, for multiclass classification. It finds the AC-GAN approach competitive with other methods such as SVM and XGBoost, but the generated images are ineffective for adversarial attacks because they are easily distinguished from real ones.
For efficient malware removal, determination of malware threat levels, and damage estimation, malware family classification plays a critical role. In this paper, we extract features from malware executable files and represent them as images using various approaches. We then focus on Generative Adversarial Networks (GAN) for multiclass classification and compare our GAN results to other popular machine learning techniques, including Support Vector Machine (SVM), XGBoost, and Restricted Boltzmann Machines (RBM). We find that the AC-GAN discriminator is generally competitive with other machine learning techniques. We also evaluate the utility of the GAN generative model for adversarial attacks on image-based malware detection. While AC-GAN-generated images are visually impressive, we find that they are easily distinguished from real malware images using any of several learning techniques. This result indicates that our GAN-generated images would be of little value in adversarial attacks.
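One common way to represent an executable as an image, shown here as an added example that is not code from the paper: bytes become grayscale pixels in fixed-width rows, and the result is scaled to a fixed size for a classifier. The page does not describe the paper's own approaches, so the row width of 64, the 32x32 output, the function names and the sample bytes are all assumptions.

```python
import math

def bytes_to_rows(data, width=64):
    """Lay the file out row-major, one byte per pixel (0-255), zero-padding the last row."""
    if not data:
        raise ValueError("empty input")
    height = math.ceil(len(data) / width)
    padded = data + bytes(height * width - len(data))
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]

def resize_area(rows, size=32):
    """Scale to size x size; each output pixel is the mean of the source box it covers."""
    h, w = len(rows), len(rows[0])
    out = []
    for ty in range(size):
        y0 = ty * h // size
        y1 = max(y0 + 1, (ty + 1) * h // size)
        line = []
        for tx in range(size):
            x0 = tx * w // size
            x1 = max(x0 + 1, (tx + 1) * w // size)
            box = [rows[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            line.append(sum(box) // len(box))
        out.append(line)
    return out

def file_image(data, width=64, size=32):
    """Files of any length map to the same shape, which a fixed-input classifier needs."""
    return resize_area(bytes_to_rows(data, width), size)

def to_pgm(img):
    """Serialize as binary PGM (P5) for viewing or for an image pipeline."""
    header = f"P5\n{len(img[0])} {len(img)}\n255\n".encode()
    return header + bytes(p for row in img for p in row)

# Constructed sample (not a real executable): header-like bytes, a constant run,
# a byte ramp and a 0xff run, standing in for regions with different byte statistics.
SAMPLE = b"MZ" + bytes(62) + b"\x90" * 4096 + bytes(range(256)) * 8 + b"\xff" * 1000

if __name__ == "__main__":
    img = file_image(SAMPLE)
    print(len(img), len(img[0]), img[0][0], img[5][5], img[31][0])
```

Regions with different byte statistics show up as distinct horizontal bands, which is the texture an image classifier learns from.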