AMVG: Adaptive Malware Variant Generation Framework Using Machine Learning

2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC) (2019)

Abstract
There are advances in detecting malware using machine learning (ML), but it is still a challenging task to detect advanced malware variants (e.g., polymorphic and metamorphic variations). To detect such variants, we first need to understand the methods used to generate them to bypass the detection methods. In this paper, we introduce an adaptive malware variant generation (AMVG) framework to study bypassing malware detection methods efficiently. The AMVG framework uses ML (e.g., genetic algorithm (GA)) to generate malware variants that satisfy specific detection criteria. The use of GA automates the malware variant generations with appropriate modules to handle various input formats. For the experiment, we use malware samples retrieved from theZoo, a collection of malware samples. The results show that we can automatically generate malware variants that satisfy varying detection criteria in a practical amount of time, as well as showing the capabilities to handle different input formats.
Keywords
Genetic Algorithm, Malware Detection, Malware Generation, Malware Variation, Source Code Similarity