Zero-day malicious software (malware) refers to a previously unknown or newly discovered software vulnerability. The fundamental objective of this paper is to enhance detection of analogous zero-day malware by efficiently learning from plausible generated data. To detect zero-day malware, we proposed a malware training framework based on analogous malware data generated using generative adversarial networks (PlausMal-GAN). Thus, the PlausMal-GAN can suitably produce analogous zero-day malware images with high quality and high diversity from the existing malware data. The discriminator, as a detector, learns various malware features using both real and generated malware images. In terms of performance, the proposed framework showed higher and more stable performance for the analogous zero-day malware images, which can be assumed to be analogous zero-day malware data. We obtained reliable accuracy in the proposed PlausMal-GAN framework with representative GAN models (i.e., deep convolutional GAN, least-squares GAN, Wasserstein GAN with gradient penalty, and evolutionary GAN). These results indicate that the use of the proposed framework is beneficial for the detection and prediction of numerous and analogous zero-day malware data from noted malware when developing and updating malware detection systems.
Bibliographical note
Funding Information:
This work was supported in part by the Institute of Information & communications Technology Planning & Evaluation (IITP) Grant funded by the Korea government (MSIT) under Grant 2019-0-00079 and in part by Artificial Intelligence Graduate School Program (Korea University) under Grant 2021-0-02068, Artificial Intelligence Innovation Hub.
© 2013 IEEE.
Keywords
- Analogous malware detection
- generative adversarial networks
- malware augmentation
- malware data
- zero-day malware
ASJC Scopus subject areas
- Computer Science (miscellaneous)
- Information Systems
- Human-Computer Interaction
- Computer Science Applications