Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

Bibliographic Details
Published in: Security and Communication Networks, 2021-01, Vol. 2021, p. 1-12
Main Authors: Dai, Yusheng; Li, Hui; Qian, Yekui; Guo, Yunling; Zheng, Min
Format: Article
Language: English
Description
Summary: The number of new malware samples increases year by year, and the composition of the malware sample space changes over time. Existing research on malware detection mainly focuses on improving detection performance, effectively detecting evasive malware, and improving detection of adversarial samples, while ignoring the concept drift of malware samples over time. Concept drift in the samples causes the detector model to age, which reduces detection accuracy. To address this problem, we propose a malware sample generator based on an auxiliary classifier GAN and use the generated malware samples to train the detection model. In this paper, the API call sequence is used as the feature for training the improved generative adversarial network, and the trained generator model is used to produce samples that simulate concept drift for the purpose of training detection models. In addition, the detection results of the detector are used again as a training set for the generator, which generates further samples, so that the detection model is trained repeatedly and its anti-concept-drift performance improves. Real malware samples and generated samples are used to train the detector model, and malware samples segmented along a linear time sequence serve as test sets to verify the effectiveness of the proposed method. The results show that the framework maintains good detection accuracy and effectively mitigates detector aging over a longer time dimension.
ISSN: 1939-0114, 1939-0122
DOI: 10.1155/2021/6644107