Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders

Abstract

Detecting malicious software (malware) is important for computer security. Among the different types of malware, zero-day malware is problematic because it cannot be removed by antivirus systems. Existing malware detection mechanisms use stored malware characteristics, which hinders detecting zero-day attacks where altered malware is generated to avoid detection by antivirus systems. To detect malware including zero-day attacks robustly, this paper proposes a novel method called transferred deep-convolutional generative adversarial network (tDCGAN), which generates fake malware and learns to distinguish it from real malware. The data generated from a random distribution are similar but not identical to the real data: it includes modified features compared with real data. The detector learns various malware features using real data and modified data generated by the tDCGAN based on a deep autoencoder (DAE), which extracts appropriate features and stabilizes the GAN training. Before training the GAN, the DAE learns malware characteristics, produces general data, and transfers this capacity for stable training of the GAN generator. The trained discriminator passes down the ability to capture malware features to the detector, using transfer learning. We show that tDCGAN achieves 95.74% average classification accuracy which is higher than that of other models and increases the learning stability. It is also the most robust against modeled zero-day attacks compared to others. (C) 2018 Elsevier Inc. All rights reserved.