Machine learning has proven to be a useful tool for automated malware detection, but machine learning models have also been shown to be vulnerable to adversarial attacks. This article addresses the problem of generating adversarial malware samples, specifically malicious Windows Portable Executable files. We summarize and compare work that has focused on adversarial machine learning for malware detection. We use gradient-based, evolutionary algorithm-based, and reinforcement-based methods to generate adversarial samples, and then test the generated samples against selected antivirus products. We compare the selected methods in terms of accuracy and practical applicability. The results show that applying optimized modifications to previously detected malware can lead to incorrect classification of the file as benign. It is also known that generated malware samples can be successfully used against detection models other than those used to generate them and that using combinations of generators can create new samples that evade detection. Experiments show that the Gym-malware generator, which uses a reinforcement learning approach, has the greatest practical potential. This generator achieved an average sample generation time of 5.73 seconds and the highest average evasion rate of 44.11%. Using the Gym-malware generator in combination with itself improved the evasion rate to 58.35%.