ADVERSARIALuscator: An Adversarial-DRL based Obfuscator and Metamorphic Malware Swarm Generator
Abstract
Advanced metamorphic malware and ransomware can use obfuscation to alter their internal structure with every attack. If such malware intrudes into any IoT network, then even if the original malware instance gets detected, by that time it can still infect the entire network. The IoT era also requires Industry 4.0 grade AI-based defenses against such advanced malware. But AI algorithms need a lot of training data, and it is challenging to obtain training data for such evasive malware. Therefore, in this paper, we present ADVERSARIALuscator, a novel system that uses specialized (adversarial) deep reinforcement learning to obfuscate malware at the opcode level and create multiple metamorphic instances of the same. To the best of our knowledge, ADVERSARIALuscator is the first-ever system that adopts the Markov Decision Process based approach to convert and find a solution to the problem of creating individual obfuscations at the opcode level. This is important as the machine language level is the lowest level at which functionality can be preserved so as to mimic an actual attack effectively. ADVERSARIALuscator is also the first-ever system to use efficient continuous action control capable deep reinforcement learning agents like Proximal Policy Optimization in the area of cyber security. Experimental results indicate that ADVERSARIALuscator could raise the metamorphic probability of a corpus of malware by ≥ 0.45. Additionally, more than 33% of metamorphic instances generated by ADVERSARIALuscator were able to evade even the most potent IDS and penetrate the target system, even when the defending IDS could detect the original malware instance. Hence ADVERSARIALuscator could be used to generate data representative of a swarm of very potent and coordinated AI-based metamorphic malware attacks. The data and simulations so generated could be used to bolster the defenses of an IDS against an actual AI-based metamorphic attack from advanced malware and ransomware.
Journal: 2021 International Joint Conference on Neural Networks (IJCNN)