New ransomware attack based on an evolutional generative adversarial network can evade security measures
How does the Evolution Generative Adversarial Network (EGAN) method differ from previous approaches in generating adversarial ransomware?
The Evolution Generative Adversarial Network (EGAN) method differs from previous approaches in generating adversarial ransomware in its combination of an evolution strategy (ES) with a generative adversarial network (GAN). The ES agent in EGAN competes with an algorithm trained to classify ransomware, testing various functionality-preserving actions that can be applied to ransomware samples. This approach identifies the most optimal sequence of actions that leads to misclassification for each given ransomware sample. If the ES agent's manipulations prove effective, a GAN is used to generate an adversarial feature vector that alters the ransomware file to appear benign. This method has been found to generate ransomware that successfully evades numerous commercial AI-powered anti-virus solutions and malware detection methods5.
How does the evolution strategy (ES) integrated within EGAN help in mutating ransomware files?
The evolution strategy (ES) integrated within EGAN plays a crucial role in mutating ransomware files. ES is an optimization method based on the concept of evolution, where an ES agent is placed in competition with an algorithm trained to classify ransomware. The agent tests various functionality-preserving actions that can be applied to ransomware samples in order to find the most optimal sequence of actions leading to misclassification for each given ransomware sample. If the ES agent's manipulations prove effective, a generative adversarial network (GAN) is used to generate an adversarial feature vector that alters the ransomware file to appear benign. This integration of ES and GAN within EGAN allows for the creation of adversarial ransomware samples that can successfully evade numerous commercial AI-powered anti-virus solutions and malware detection methods.
What are the main components of the EGAN framework as mentioned in the news content?
The main components of the EGAN (Evolution Generative Adversarial Network) framework, as mentioned in the news content, are:
-
Evolution Strategy (ES): An optimization method based on the concept of evolution, which is used to select a sequence of attack actions that can mutate a ransomware file while preserving its original functionality1. The ES agent in EGAN is placed in competition with an algorithm trained to classify ransomware, testing various functionality-preserving actions that can be applied to ransomware samples1.
-
Generative Adversarial Network (GAN): A deep learning architecture that consists of two artificial neural networks competing against each other to generate increasingly better results on a specific task. In the context of EGAN, the GAN is used to generate an adversarial feature vector that alters the ransomware file to appear benign, if the ES agent's manipulations prove effective1.
The EGAN framework combines these two components to create an attack framework that addresses the limitation of generating adversarial malware samples for training, as the resulting adversarial malware needs to remain evasive and functional. Researchers at Texas A&M University and Ho Technical University developed this approach, which has been found to generate ransomware that could successfully evade numerous commercial AI-powered anti-virus solutions and malware detection methods.