Adversarial pseudo-benign examples can be generated to evade malware detection algorithms based on deep learning. Current works on adversarial examples generation mainly focus on the gradient-based attacks due to their easy-to-implement features. Although the Generative Adversarial Network (GAN) has shown a superior performance on adversarial attacks, there is not much work on applying GAN to malware composition due to its complexity and weakness in processing discrete data. API call sequence is considered as the very representative feature to analyze malware behavioral characteristics. However, it is troublesome to insert API calls into the original sequence to cover the malicious purpose with implementation on GAN. In this paper, we propose an adversarial sequence generating algorithm, which highlights the contextual relationship between API calls by using word embedding. We train a recurrent neural network based substitute detection model to fit the black-box malware detection model. We demonstrate the attack against API call sequence-based malware classifiers, and experimental results show that the proposed scheme is efficient and effective, almost all of the generated pseudo-benign malware examples can fool the detection algorithms. It outruns other GAN based schemes in performance and has a lower overhead of API call inserting.

可以生成对抗性伪良性示例以逃避基于深度学习的恶意软件检测算法。由于其易于实现的特性，当前关于对抗性示例生成的工作主要集中在基于梯度的攻击上。尽管生成对抗网络 (GAN) 在对抗性攻击方面表现出卓越的性能，但由于其复杂性和处理离散数据的弱点，将 GAN 应用于恶意软件组合的工作并不多。API调用序列被认为是分析恶意软件行为特征的非常有代表性的特征。但是，将 API 调用插入到原始序列中以覆盖恶意目的并在 GAN 上实现是很麻烦的。在本文中，我们提出了一种对抗性序列生成算法，它通过使用词嵌入突出了 API 调用之间的上下文关系。我们训练了一个基于循环神经网络的替代检测模型，以适应黑盒恶意软件检测模型。我们演示了对基于 API 调用序列的恶意软件分类器的攻击，实验结果表明所提出的方案是有效的，几乎所有生成的伪良性恶意软件示例都可以欺骗检测算法。它在性能上优于其他基于 GAN 的方案，并且具有更低的 API 调用插入开销。几乎所有生成的伪良性恶意软件示例都可以欺骗检测算法。它在性能上优于其他基于 GAN 的方案，并且具有更低的 API 调用插入开销。几乎所有生成的伪良性恶意软件示例都可以欺骗检测算法。它在性能上优于其他基于 GAN 的方案，并且具有更低的 API 调用插入开销。