Bypassing NGAV for Fun and Profit presented at BlackHatEurope 2020

by Ishai Meir,

Summary : In this talk, we demonstrate the first methodological approach to "reverse engineer" a NGAV model and features without reversingthe product, and generate a PE malware that bypasses next generation anti-virus (NGAV) products (e.g., Cylance). Previous such attacks against such machine learning based malware classifiers only add new features and do not modify existing features to avoid harming the modified malware executable's functionality, making such executables easier to detect.In contrast, we split the adversarial example generation task into two parts:find the importance of all features for a specific sample using explainability algorithms, andconduct a feature-specific modification (e.g., checksums, timestamp, IAT, etc.), feature-by-feature.In order to apply our attack to NGAV with unknown classifier architecture, we leverage the concept of transferability, i.e., different classifiers using different features subsets and trained on different datasets still have similar subset of important features. Using this concept, we attack a publicly available classifier and generate malware PE files that evade not only that classifier, but also commercial NGAV. We also demonstrate additional techniques, such as the sliding window approach to understand the most important features in the attacked classifier.