Static PE antimalware evasion by using Reinforcement Learning

Malware detection is a critical capability which is usually deployed in any production system as a first step to increase the infrastructure security. Due to this widespread security measure, and with the intention of carrying out the actions for which it has been designed, malwareis constantly evol...

ver descrição completa

Detalhes bibliográficos
Autor: Gómez Gálvez, Francisco Javier
Formato: tesis de maestría
Fecha de publicación:2021
País:España
Recursos:Universitat Oberta de Catalunya (UOC)
Repositorio:O2, repositorio institucional de la UOC
OAI Identifier:oai:openaccess.uoc.edu:10609/127010
Acesso em linha:http://hdl.handle.net/10609/127010
Access Level:acceso abierto
Palavra-chave:reinforcement learning
deep learning
antimalware evasion
aprendizaje por refuerzo
aprendizaje profundo
evasión antimalware
aprenentatge de reforç
aprenentatge profund
evasió antimalware
Computer security -- TFM
Seguretat informàtica -- TFM
Seguridad informática -- TFM
Descrição
Resumo:Malware detection is a critical capability which is usually deployed in any production system as a first step to increase the infrastructure security. Due to this widespread security measure, and with the intention of carrying out the actions for which it has been designed, malwareis constantly evolving in order to evade common detection techniques, ranging from simple changes aimed to evade signature-based detection to complex variations involving malware virtualization which are able to evade behavioural-based detection. In this project, an experiment based on Reinforcement Learning is designed in order to improve the evasion capabilities of a given self-generated malware sample. Such design is carried out by defining the set of actions that can be taken in order to evade Static PE detection; an environment which evaluates the sample; a reward function that allows us to minimize thedetection rate, and an agent which coordinates the entire process. Tools used in the scope of this project are available for the general public, including those used for self-generating the samples as well as those used to emulate an environment with different antimalware solutions.