Bot vs. Bot for Evading Machine Learning Malware Detection

by Hyrum Anderson
Sept. 14, 2017 1 comment Pen Testing & Audits

Machine learning offers opportunities to improve malware detection because of its ability to generalize to never-before-seen malware families and polymorphic strains. This has resulted in its practical use for either primary detection engines or supplementary heuristic detection's by AV vendors. However, machine learning is also especially susceptible to evasion attacks by, ironically but unsurprisingly, other machine learning methods. We demonstrate how to evade machine learning malware detection by setting up an AI agent to compete against the malware detector that proactively probes it for blind spots that can be exploited. We focus on static Windows PE malware evasion, but the framework is generic and could be extended to other domains.

Steven Ulm 8 months, 1 week ago

I really find your article useful to people working generally in the cyber security field! Well written!