CR · AI · LG · May 20, 2024

EGAN: Evolutional GAN for Ransomware Evasion

arXiv:2405.12266v1 · 1 citations · h-index: 7 · LCN
Originality: Incremental advance
AI Analysis

This work addresses a specific problem for cybersecurity researchers and practitioners by developing an incremental method to evade antivirus detection, potentially aiding in defense improvement.

The authors tackled the challenge of generating functional adversarial ransomware samples for adversarial training by proposing EGAN, an attack framework combining Evolution Strategy and GANs, which successfully bypassed most AI-powered antivirus systems on VirusTotal and increased evasion probability for some non-AI solutions.

Adversarial Training is a proven defense strategy against adversarial malware. However, generating adversarial malware samples for this type of training presents a challenge because the resulting adversarial malware needs to remain evasive and functional. This work proposes an attack framework, EGAN, to address this limitation. EGAN leverages an Evolution Strategy and Generative Adversarial Network to select a sequence of attack actions that can mutate a Ransomware file while preserving its original functionality. We tested this framework on popular AI-powered commercial antivirus systems listed on VirusTotal and demonstrated that our framework is capable of bypassing the majority of these systems. Moreover, we evaluated whether the EGAN attack framework can evade other commercial non-AI antivirus solutions. Our results indicate that the adversarial ransomware generated can increase the probability of evading some of them.
