Evolutionary Computation for Improving Malware Analysis


Kevin Leach, Ryan Dougherty, Chad Spensky, Stephanie Forrest, Westley Weimer


GI-2019, ICSE workshops proceedings (GI), May 2019


Research in genetic improvement (GI) conventionally focuses on the improvement of software, including the automated repair of bugs and vulnerabilities as well as the refinement of software to increase performance. Eliminating or reducing vulnerabilities using GI has improved the security of benign software, but the growing volume and complexity of malicious software necessitates better analysis techniques that may benefit from a GI-based approach. Rather than focus on the use of GI to improve individual software artefacts, we believe GI can be applied to the tools used to analyse malicious code for its behaviour. First, malware analysis is critical to understanding the damage caused by an attacker, which GI-based bug repair does not currently address. Second, modern malware samples leverage complex vectors for infection that cannot currently be addressed by GI. In this paper, we discuss an application of genetic improvement to the realm of automated malware analysis through the use of variable-strength covering arrays.


  title     = {{Evolutionary Computation for Improving Malware Analysis}},
  author    = {Leach, Kevin and Dougherty, Ryan and Spensky, Chad and Forrest, Stephanie and Weimer, Westley},
  booktitle = {GI-2019, ICSE workshops proceedings},
  series    = {GI},
  month     = {May},
  year      = {2019},
  address   = {Montreal},
  editor    = {Justyna Petke and Shin Hwei Tan and William B. Langdon and Westley Weimer},
  keywords  = {genetic algorithms, genetic programming, genetic improvement},
  publisher = {IEEE},
  url       = {http://dijkstra.eecs.umich.edu/kleach/malware-gi-19.pdf}