PPO-Based Adversarial Attack Method for Malware Detection

• 1、Cyberspace Security School, Beijing University of Posts and Telecommunications, Beijing
• 2、Cyberspace Security School, Beijing University of Posts and Telecommunications, Beijing

Abstract：With the development of the Internet, malicious code has become one of the threats to user information security. Traditional methods of detecting malicious code are unable to handle the increasing number of new malicious code samples generated every day. Therefore, machine learning algorithms are becoming increasingly common in the field of malicious code detection. However, algorithms that use machine learning technology for malicious code detection typically focus only on optimizing performance metrics such as accuracy and recall, without fully considering the fact that attackers may intentionally create deceptive input data to deceive the machine learning model and make it unable to function properly in real environments. Currently, there are difficulties in training models for adversarial attacks against malicious code detection, and the escape rate is not ideal. Based on the above issues, the main research work of this paper is as follows: A malwre adversarial attack method based on the PPO algorithm is proposed, and an action space is designed for perturbing PE files and traininng the model. Experiments are conducted on multiple malicious code detectors, and the results show that this method performs well in terms of evasion rate compared to otherattack methods.

Keywords： Cyber Security Malware Detection Adversarial Attack