The GANfather: Controllable generation of malicious activity to improve defence systems

by   Ricardo Ribeiro Pereira, et al.

Machine learning methods to aid defence systems in detecting malicious activity typically rely on labelled data. In some domains, such labelled data is unavailable or incomplete. In practice this can lead to low detection rates and high false positive rates, which characterise for example anti-money laundering systems. In fact, it is estimated that 1.7–4 trillion euros are laundered annually and go undetected. We propose The GANfather, a method to generate samples with properties of malicious activity, without label requirements. We propose to reward the generation of malicious samples by introducing an extra objective to the typical Generative Adversarial Networks (GANs) loss. Ultimately, our goal is to enhance the detection of illicit activity using the discriminator network as a novel and robust defence system. Optionally, we may encourage the generator to bypass pre-existing detection systems. This setup then reveals defensive weaknesses for the discriminator to correct. We evaluate our method in two real-world use cases, money laundering and recommendation systems. In the former, our method moves cumulative amounts close to 350 thousand dollars through a network of accounts without being detected by an existing system. In the latter, we recommend the target item to a broad user base with as few as 30 synthetic attackers. In both cases, we train a new defence system to capture the synthetic attacks.


page 1

page 2

page 3

page 4


How to find a GSMem malicious activity via an AI approach

This paper investigates the following problem: how to find a GSMem malic...

Detecting malicious logins as graph anomalies

Authenticated lateral movement via compromised accounts is a common adve...

Flexible Android Malware Detection Model based on Generative Adversarial Networks with Code Tensor

The behavior of malware threats is gradually increasing, heightened the ...

On Detecting Data Pollution Attacks On Recommender Systems Using Sequential GANs

Recommender systems are an essential part of any e-commerce platform. Re...

A Large-Scale Analysis of Attacker Activity in Compromised Enterprise Accounts

We present a large-scale characterization of attacker activity across 11...

HinDom: A Robust Malicious Domain Detection System based on Heterogeneous Information Network with Transductive Classification

Domain name system (DNS) is a crucial part of the Internet, yet has been...

JABBERWOCK: A Tool for WebAssembly Dataset Generation and Its Application to Malicious Website Detection

Machine learning is often used for malicious website detection, but an a...

Please sign up or login with your details

Forgot password? Click here to reset