A feature-vector generative adversarial network for evading PDF malware classifiers

Cyber-Physical Systems (CPS) are increasingly utilizing machine learning (ML) algorithms to resolve different control and decision making problems. CPS are traditionally vulnerable to evasion attacks and adversarial examples, hence the integration of learning algorithms requires that these vulnerabilities are reevaluated to make the cyber-physical systems more secure and robust. In this work, we propose a novel evasion method based on a feature-vector generative adversarial network (fvGAN) to attack a learning-based malware classifier. The generative adversarial network (GAN) has been widely used in the realistic fake-image generation, but it has rarely been studied for adversarial malware generation. This work uses the fvGAN to generate adversarial feature vectors in the feature space, and then transforms them into actual adversarial malware examples. We have experimentally investigated the effectiveness of the proposed approach on a well-known PDF malware classifier, PDFRate, and evaluated the fvGAN-based attack in four evasion scenarios. The results show that the fvGAN model has a high evasion rate within a limited time. We have also compared the proposed approach with two existing attack algorithms, namely Mimicry and GD-KDE, and the results prove that the proposed scheme has better performance both in terms of evasion rate and execution cost. (C) 2020 Elsevier Inc. All rights reserved.