Introduction

Pesidious is an open-source tool that uses Generative Adversarial Networks (GAN) and Reinforcement Learning (RL) to generate mutative malware that can evade nextgen AI-powered anti-virus scanners.

In the past decade, there has been a lot of research done on how to use AI to classify malware and benign files. However, over the past couple of years, the adversaries have also started using AI to attack these defensive AI models.

One example of AI being used for offensive purposes is Deepfake which is used to generate fake images/videos/sounds.

The same idea has been applied with Pesidious i.e. using AI to make malware look benign to a malware classifier by adding benign-looking features and modifying existing features while maintaining the functionality.

Pesidious can be used to train models that can learn how to evade a malware classifier by mutating malware samples.

The tool currently comes with the following

  • Sample Malware Classifier: The tool has been trained to mutate malware such that it can evade the sample classifier that uses a gradient boosting algorithm to classify malware and benign files.

  • GAN generated benign-looking sections and imports: GAN has been used to generate sections and imports that can make malware look more benign.

  • RL model: RL model has been trained to select the best sequence of mutations including the above sections and imports along with others to fool the malware classifier.

High Level Architecture of Pesidious