Static PE antimalware evasion by using Reinforcement Learning
Malware detection is a critical capability which is usually deployed in any production system as a first step to increase the infrastructure security. Due to this widespread security measure, and with the intention of carrying out the actions for which it has been designed, malwareis constantly evol...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2021 |
| País: | España |
| Institución: | Universitat Oberta de Catalunya (UOC) |
| Repositorio: | O2, repositorio institucional de la UOC |
| OAI Identifier: | oai:openaccess.uoc.edu:10609/127010 |
| Acceso en línea: | http://hdl.handle.net/10609/127010 |
| Access Level: | acceso abierto |
| Palabra clave: | reinforcement learning deep learning antimalware evasion aprendizaje por refuerzo aprendizaje profundo evasión antimalware aprenentatge de reforç aprenentatge profund evasió antimalware Computer security -- TFM Seguretat informàtica -- TFM Seguridad informática -- TFM |
| Sumario: | Malware detection is a critical capability which is usually deployed in any production system as a first step to increase the infrastructure security. Due to this widespread security measure, and with the intention of carrying out the actions for which it has been designed, malwareis constantly evolving in order to evade common detection techniques, ranging from simple changes aimed to evade signature-based detection to complex variations involving malware virtualization which are able to evade behavioural-based detection. In this project, an experiment based on Reinforcement Learning is designed in order to improve the evasion capabilities of a given self-generated malware sample. Such design is carried out by defining the set of actions that can be taken in order to evade Static PE detection; an environment which evaluates the sample; a reward function that allows us to minimize thedetection rate, and an agent which coordinates the entire process. Tools used in the scope of this project are available for the general public, including those used for self-generating the samples as well as those used to emulate an environment with different antimalware solutions. |
|---|