Evolving malware variants as antigens for antivirus systems.

Authors :
Murali, Ritwik
Thangavel, Palanisamy
Shunmuga Velayutham, C.
Source :
Expert Systems with Applications. Sep2023, Vol. 226, pN.PAG-N.PAG. 1p.
Publication Year :
2023

Abstract

This paper proposes MAGE — A Malware Antigen Generating Evolutionary algorithm that is capable of generating unseen variants of a given source malware. MAGE evolves malware variants by employing code transformation functions as mutation operators and an intra-population Jaccard similarity metric as the fitness function. By virtue of these design choices, MAGE is capable of generating active malware variants with diverse code structure variations while retaining the maliciousness of the source malware. These malware variants (similar to biological antigens) generated throughout the run of MAGE form a potential dataset of malware variants. The dataset can be used to train an adaptive Antivirus engine to learn the code structure variations that make up the space of malware variants. This could augment the engine's ability to detect unseen malware variants, thus preventing attacks from the same. The efficacy of MAGE has been demonstrated with two malware viz. Timid, a COM infector, and Intruder, an EXE infector. The simulation experiments demonstrate the potential and versatility of MAGE towards generating diverse malware variants.

• This paper proposes a malware antigen generating evolutionary algorithm (MAGE).
• MAGE is capable of generating variants of a given malware as Antigens for antivirus.
• The evolved malware successfully evade detection by over 97
• MAGE evolves diverse non-trivial assembly code structure variations from source.
• The evolved variants retain their original malicious characteristics.
• The variants evolved can be fed to adaptive antivirus engines to prevent infection.

[ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
09574174
Volume :
226
Database :
Academic Search Index
Journal :
Expert Systems with Applications
Publication Type :
Academic Journal
Accession number :
163797541
Full Text :
https://doi.org/10.1016/j.eswa.2023.120092