Discovering Future Malware Variants By Generating New Malware Samples Using Generative Adversarial Network

Detecting malware samples is one of the most important issues in computer security. Malware variants are growing exponentially with the increasing use of computers in industries, homes, and other places. Among the different types of malware samples, zero-day samples are the most challenging. Conventional antivirus systems, which rely on known malware patterns, cannot detect zero-day samples because they have not seen them before. As reported in [1], in 2018, 76% of successful attacks on organization endpoints were based on zero-day samples. Therefore, predicting these types of attacks and preparing a solution is an open challenge. This paper presents a deep generative adversarial network to generate the signatures of unseen malware samples; the generated signatures are potentially similar to the malware samples that may be released in the future. The generated samples are then added to the dataset to train a classifier that is robust against new variants of malware. A neural network is also applied to extract high-level features from raw bytes for detection. In the proposed method, only the header of the executable file is used for detection, which is a small piece of the file that contains some information about the file. To validate our method, we used three classification algorithms and classified both the raw and the new representation with them. We also compared our work with another malware detection method that uses the PE header. The results of this paper show that the generated data improves the accuracy of the classification algorithms by at least 1%.
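The header-only input described in the abstract can be illustrated with a short added example (not code from the paper): it cuts the PE header region out of a file and turns it into a fixed-length byte vector of the kind a detector or generator could consume. The function names, the 1024-byte length, the [0, 1] scaling and the sample file are assumptions made for this illustration; the abstract does not specify them.

```python
import struct

def pe_header_bytes(data: bytes, max_len: int = 1024) -> bytes:
    """Return the raw PE header region: DOS header through the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # 20-byte COFF file header follows the 4-byte signature.
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    # Optional header, then one 40-byte entry per section.
    end = e_lfanew + 24 + opt_size + 40 * n_sections
    if end > len(data):
        raise ValueError("header runs past end of file")
    return data[:min(end, max_len)]

def to_feature_vector(header: bytes, length: int = 1024) -> list:
    """Zero-pad or truncate to a fixed length and scale each byte to [0, 1]."""
    padded = header[:length].ljust(length, b"\0")
    return [b / 255.0 for b in padded]

def build_sample() -> bytes:
    """Constructed, non-functional PE image used only to exercise the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    optional = bytes(0xE0)
    section = b".text\0\0\0" + bytes(32)
    body = b"\xCC" * 512  # stand-in for code; never reaches the features
    return bytes(dos) + b"PE\0\0" + coff + optional + section + body

if __name__ == "__main__":
    header = pe_header_bytes(build_sample())
    vec = to_feature_vector(header)
    print(len(header), len(vec), vec[:2])
```

Malformed or truncated headers raise `ValueError` rather than yielding a partial vector, so a training pipeline can count and exclude such files explicitly.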

[1] Witawas Srisa-an, et al. Significant Permission Identification for Machine-Learning-Based Android Malware Detection, 2018, IEEE Transactions on Industrial Informatics.

[2] Mahmood Yousefi-Azar, et al. Autoencoder-based feature learning for cyber security applications, 2017, 2017 International Joint Conference on Neural Networks (IJCNN).

[3] Aman Jantan, et al. A Framework for Malware Detection Using Combination Technique and Signature Generation, 2010, 2010 Second International Conference on Computer Research and Development.

[4] Jürgen Schmidhuber, et al. LSTM: A Search Space Odyssey, 2015, IEEE Transactions on Neural Networks and Learning Systems.

[5] Edward Raff, et al. Learning the PE Header, Malware Detection with Minimal Domain Knowledge, 2017, AISec@CCS.

[6] Xingquan Zhu, et al. Machine Learning for Android Malware Detection Using Permission and API Calls, 2013, 2013 IEEE 25th International Conference on Tools with Artificial Intelligence.

[7] David Slater, et al. Malicious Behavior Detection using Windows Audit Logs, 2015, AISec@CCS.

[8] Jassim Happa, et al. Classification of Malware Families Based on Runtime Behaviour, 2018, CSS.

[9] Guanghui Liang, et al. A Behavior-Based Malware Variant Classification Technique, 2016.

[10] Ali Dehghantanha, et al. Robust Malware Detection for Internet of (Battlefield) Things Devices Using Deep Eigenspace Learning, 2019, IEEE Transactions on Sustainable Computing.

[11] S. Sitharama Iyengar, et al. A Survey on Malware Detection Using Data Mining Techniques, 2017, ACM Comput. Surv.

[12] Eul Gyu Im, et al. A Multimodal Deep Learning Method for Android Malware Detection Using Various Features, 2019, IEEE Transactions on Information Forensics and Security.

[13] Zohreh Azimifar, et al. Supervised principal component analysis: Visualization, classification and regression on subspaces and submanifolds, 2011, Pattern Recognit.

[14] Chun-Ying Huang, et al. Performance Evaluation on Permission-Based Detection for Android Malware, 2013.

[15] Claudia Eckert, et al. Deep Learning for Classification of Malware System Call Sequences, 2016, Australasian Conference on Artificial Intelligence.

[16] Ali Hamzeh, et al. Visual malware detection using local malicious pattern, 2018, Journal of Computer Virology and Hacking Techniques.

[17] Baosheng Wang, et al. Automatic Malware Detection Using Deep Learning Based on Static Analysis, 2017, ICPCSEE.

[18] Sahin Albayrak, et al. Monitoring Smartphones for Anomaly Detection, 2008, Mob. Networks Appl.

[19] Divya Bansal, et al. Malware Analysis and Classification: A Survey, 2014.

[20] Ali Feizollah, et al. Evaluation of machine learning classifiers for mobile malware detection, 2014, Soft Computing.

[21] Jürgen Schmidhuber, et al. Learning to forget: continual prediction with LSTM, 1999.

[22] Hong Liang, et al. Text feature extraction based on deep learning: a review, 2017, EURASIP Journal on Wireless Communications and Networking.

[23] Christopher Krügel, et al. A survey on automated dynamic malware-analysis techniques and tools, 2012, CSUR.

[24] Abdul Rahman Ahmad Dahlan, et al. Cyber Security Maturity Model and Maqasid al-Shari'ah, 2018, 2018 International Conference on Information and Communication Technology for the Muslim World (ICT4M).

[25] Ali A. Ghorbani, et al. Application of deep learning to cybersecurity: A survey, 2019, Neurocomputing.

[26] Somesh Jha, et al. Semantics-aware malware detection, 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[27] Ishai Rosenberg, et al. DeepOrigin: End-To-End Deep Learning For Detection Of New Malware Families, 2018, 2018 International Joint Conference on Neural Networks (IJCNN).

[28] Sung-Bae Cho, et al. Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders, 2018, Inf. Sci.

[29] Yoshua Bengio, et al. Generative Adversarial Nets, 2014, NIPS.