Disarming visualization-based approaches in malware detection systems

Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected from the state-of-the-art visualization-based technique.