With the increasingly rapid development of new malicious computer software by bad faith actors, both commercial and research-oriented antivirus detectors have come to make greater use of machine learning tactics to identify such malware as harmful before end users are exposed to their effects. This, in turn, has spurred the development of tools that allow for known malware to be manipulated such that they can evade being classified as dangerous by these machine learning-based detectors, while retaining their malicious functionality. These manipulations function by applying a set of changes that can be made to Windows programs that result in a different file structure and signature without altering the software's capabilities. Various proposals have been made for the most effective way of applying these alterations to input malware to deceive static malware detectors; the purpose of this research is to examine these proposals and test their implementations to determine which tactics tend to generate the most successful attacks.
翻译:随着恶意行为方日益迅速开发新的恶意计算机软件,商业和面向研究的反病毒探测器都开始更多地利用机器学习策略,在最终用户暴露其影响之前查明这种恶意软件是有害的,这反过来又促使开发一些工具,使已知的恶意软件能够被操纵,从而可以避免被这些基于机器的学习检测器归类为危险,同时保留其恶意功能。这些操纵功能通过对Windows程序进行一系列修改而发挥作用,这些修改可以在不改变软件能力的情况下形成不同的文件结构和签名。已经提出了各种建议,以最有效的方式应用这些修改来输入恶意软件,以欺骗固定的恶意软件探测器;这项研究的目的是审查这些建议并测试其执行情况,以确定哪些策略倾向于产生最成功的攻击。