Abstract

The number of new malware samples increases every year, and the composition of the malware sample space changes with time. Existing research on malware detection focuses mainly on improving detection performance, detecting evasive malware, and improving detection of adversarial samples, while ignoring the concept drift of malware samples over time. Concept drift in the samples leads to aging of the detector model and thus to a reduction in detection accuracy. To address this problem, we propose a malware sample generator based on an auxiliary classifier GAN and use the generated malware samples to train the detection model. In this paper, the API call sequence is used as the feature for training the improved generative adversarial network, and the trained generator is used to generate samples that simulate concept drift for the purpose of training detection models. In addition, the detection results of the detector are fed back as a training set, and the generator is used again to generate samples, so that the detection model is trained repeatedly and its resistance to concept drift is improved. Real malware samples and generated samples are used to train the detector model, and malware samples segmented along a linear time sequence are used as test sets to verify the effectiveness of the proposed method. The results show that the framework maintains good detection accuracy and effectively mitigates detector aging over a longer time span.

Highlights

  • Due to the increasingly complex network environment and the emerging attack methods, malware, as an important carrier of network attacks, is attached to various functions such as destruction, theft, and extortion

  • Considering the above problems, this paper proposes a method for detecting malware by using auxiliary classifier generative adversarial network (ACGAN) [21] combined with recurrent neural network (GRU) to deal with the aging of detectors

  • Our contributions are described as follows: (1) We propose an improved ACGAN sample generation framework to mitigate the problem of decreased detection rate caused by concept drift of malware samples


Introduction

Due to the increasingly complex network environment and the emerging attack methods, malware, as an important carrier of network attacks, is attached to various functions such as destruction, theft, and extortion. Our contributions are as follows: (1) We propose an improved ACGAN sample generation framework to mitigate the decrease in detection rate caused by concept drift of malware samples. (2) We use the API call sequence as the feature and combine it with actual malware samples to generate samples, verifying the effectiveness of the proposed method over a long time span; its performance is better than other recent research. (3) We evaluate the proposed method through experiments and comparisons, and discuss the basis for the parameter settings of the model in dealing with adversarial concept drift. The structure of the remaining sections is as follows: Section 2 introduces related work; Section 3 describes the methods used to address adversarial concept drift in detail; Section 4 evaluates the quality of the generated samples and the anticoncept drift performance; Section 5 summarizes the full text and proposes further work.
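The time-ordered evaluation the abstract describes (train the detector, then test on malware segmented along a linear time sequence) can be reproduced at small scale to see detector aging directly. The following is an added example, not code from the paper: it constructs a tiny API-call-sequence dataset in which the malware profile drifts across four time windows, trains a hand-written multinomial Naive Bayes detector in place of the paper's GRU detector, and reports per-window accuracy for a detector trained once on the first window versus one refit on all preceding windows. The API names, the two malware profiles and the drift schedule are constructed illustrations; refitting on real later windows stands in for the paper's ACGAN-generated samples, which are not reproduced here.

```python
"""Time-ordered evaluation of an API-call-sequence malware detector.

Added example, not code from the paper. Samples are constructed tuples
(window, api_call_sequence, label); the detector is a hand-written
multinomial Naive Bayes over API-name counts standing in for the paper's
GRU, and refitting on later windows stands in for ACGAN-generated samples.
"""
import math
from collections import Counter

# --- constructed dataset -----------------------------------------------------
# Benign programs keep a stable API profile; malware drifts from a
# file-encrypting ("extortion") profile toward a keystroke-stealing
# ("theft") profile as the window index t increases (t = 0..3).
BENIGN_CORE = ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"]
MALWARE_OLD = ["FindFirstFileW", "CryptEncrypt", "WriteFile", "DeleteFileW"]
MALWARE_NEW = ["SetWindowsHookExW", "GetAsyncKeyState", "InternetOpenUrlW", "WriteFile"]


def make_window(t, n_per_class=6):
    """Return constructed samples (t, api_sequence, label) for window t.

    Of the n_per_class malware samples, 2*t use the new profile, so t=0 has
    none and t=3 has only new-profile malware: a linear concept drift.
    """
    samples = []
    for i in range(n_per_class):
        extra = ["RegOpenKeyExW"] if i % 2 else ["InternetOpenUrlW"]
        samples.append((t, BENIGN_CORE + extra, 0))
        profile = MALWARE_NEW if i < 2 * t else MALWARE_OLD
        samples.append((t, list(profile), 1))
    return samples


# --- detector ----------------------------------------------------------------
class NaiveBayesDetector:
    """Multinomial Naive Bayes over API-name counts with Laplace smoothing."""

    def __init__(self):
        self.vocab = set()
        self.token_counts = {0: Counter(), 1: Counter()}
        self.class_counts = Counter()

    def fit(self, samples):
        for _, seq, label in samples:
            self.class_counts[label] += 1
            self.token_counts[label].update(seq)
            self.vocab.update(seq)
        return self

    def predict(self, seq):
        n = sum(self.class_counts.values())
        best_label, best_score = None, -math.inf
        for label in (0, 1):
            total = sum(self.token_counts[label].values())
            score = math.log(self.class_counts[label] / n)  # class prior
            for api in seq:
                # An API never seen in training is outside the vocabulary and
                # contributes no evidence: this is how an aged detector stays
                # blind to drifted samples.
                if api not in self.vocab:
                    continue
                score += math.log((self.token_counts[label][api] + 1)
                                  / (total + len(self.vocab)))
            if score > best_score:
                best_label, best_score = label, score
        return best_label


def accuracy(model, samples):
    hits = sum(model.predict(seq) == label for _, seq, label in samples)
    return hits / len(samples)


def aging_curve(n_windows=4, retrain=False):
    """Accuracy on each window t >= 1, evaluated in time order.

    retrain=False: one model trained on window 0 only (detector aging).
    retrain=True:  before testing window t, refit on all windows < t.
    """
    windows = [make_window(t) for t in range(n_windows)]
    model = NaiveBayesDetector().fit(windows[0])
    curve = []
    for t in range(1, n_windows):
        if retrain:
            model = NaiveBayesDetector().fit(
                [s for w in windows[:t] for s in w])
        curve.append(accuracy(model, windows[t]))
    return curve


if __name__ == "__main__":
    print("aged detector:", [round(a, 3) for a in aging_curve()])
    print("refit per window:", [round(a, 3) for a in aging_curve(retrain=True)])
```

The aged detector keeps classifying benign samples correctly but misses every new-profile malware sample, so its accuracy falls from 10/12 on window 1 to 6/12 on window 3; the refit detector drops on window 1 (the first drift has no training signal yet) and recovers to full accuracy once drifted samples enter its training set. Because Naive Bayes silently ignores unseen API names, the aging shows up as false negatives rather than errors, which is the failure mode a time-ordered test set is meant to expose.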
