Deep Learning for Zero-day Malware Detection and Classification: A Survey

Abstract

Zero-day malware is malware that has never been seen before or is so new that no anti-malware software can catch it. This novelty and the lack of existing mitigation strategies make zero-day malware challenging to detect and defend against. In recent years, deep learning has become the dominant and leading branch of machine learning in various research fields, including malware detection. Considering the significant threat of zero-day malware to cybersecurity and business continuity, it is necessary to identify deep learning techniques that can somehow be effective in detecting or classifying such malware. But so far, such a comprehensive review has not been conducted. In this article, we study deep learning techniques in terms of their ability to detect or classify zero-day malware. Based on our findings, we propose a taxonomy and divide different zero-day resistant, deep malware detection and classification techniques into four main categories: unsupervised, semi-supervised, few-shot, and adversarial resistant. We compare the techniques in each category in terms of various factors, including deep learning architecture, feature encoding, platform, detection or classification functionality, and whether the authors have performed a zero-day evaluation. We also provide a summary view of the reviewed papers and discuss their main characteristics and challenges.