Generative adversarial network to detect unseen Internet of Things malware

Abstract

Machine learning is significantly used for malware and adversary detection in the industrial internet of things networks. However, majority of these methods require a significant prior knowledge of malware properties to identify optimal features for malware detection. This is a more significant challenge in IoT environment due to limited availability of malware samples. Some researchers utilized data deformation techniques such as converting malware to images or music to generate features that can be used for malware detection. However, these processes can be time-consuming and require a significant amount of data. This paper proposes MalGan, a framework for detecting and generating new malware samples based on the raw byte code at the edge layer of the Internet of Things (IoT) networks. Convolutional Neural Network (CNN) was utilized to extract high-level features, and boundary-seeking Generative Adversarial Network technique was used to generate new malware samples. Thus, even with a few malware samples, a significant number of previously unseen malware samples are detectable with high accuracy. To capture the short-term and long-term dependency of features, we employed an attention-based model, a combination of CNN and Long Short Term Memory. The attention mechanism improves the model’s performance by increasing or decreasing attention to certain parts of the features. The proposed method is examined extensively using standard Windows and IoT malware datasets. The experimental results indicate that our proposed MalGan is the method of choice, as it offers a higher detection rate compared to the previous malware detection algorithms.