Malware detection using deep transferred generative adversarial networks

Jin Young Kim; Seok Jun Bu; Sung Bae Cho

doi:10.1007/978-3-319-70087-8_58

Malware detection using deep transferred generative adversarial networks

Jin Young Kim, Seok Jun Bu, Sung Bae Cho

College of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

54 Citations (Scopus)

Abstract

Malicious software is generated with more and more modified features of which the methods to detect malicious software use characteristics. Automatic classification of malicious software is efficient because it does not need to store all characteristic. In this paper, we propose a transferred generative adversarial network (tGAN) for automatic classification and detection of the zero-day attack. Since the GAN is unstable in training process, often resulting in generator that produces nonsensical outputs, a method to pre-train GAN with autoencoder structure is proposed. We analyze the detector, and the performance of the detector is visualized by observing the clustering pattern of malicious software using t-SNE algorithm. The proposed model gets the best performance compared with the conventional machine learning algorithms.

Original language	English
Title of host publication	Neural Information Processing - 24th International Conference, ICONIP 2017, Proceedings
Editors	Yuanqing Li, Derong Liu, Shengli Xie, El-Sayed M. El-Alfy, Dongbin Zhao
Publisher	Springer Verlag
Pages	556-564
Number of pages	9
ISBN (Print)	9783319700861
DOIs	https://doi.org/10.1007/978-3-319-70087-8_58
Publication status	Published - 2017
Event	24th International Conference on Neural Information Processing, ICONIP 2017 - Guangzhou, China Duration: 2017 Nov 14 → 2017 Nov 18

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10634 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	24th International Conference on Neural Information Processing, ICONIP 2017
Country/Territory	China
City	Guangzhou
Period	17/11/14 → 17/11/18

Bibliographical note

Funding Information:
This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD160066BD).

Publisher Copyright:
© Springer International Publishing AG 2017.

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-70087-8_58

Cite this

Kim, J. Y., Bu, S. J., & Cho, S. B. (2017). Malware detection using deep transferred generative adversarial networks. In Y. Li, D. Liu, S. Xie, E-S. M. El-Alfy, & D. Zhao (Eds.), Neural Information Processing - 24th International Conference, ICONIP 2017, Proceedings (pp. 556-564). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10634 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-70087-8_58

Kim, Jin Young ; Bu, Seok Jun ; Cho, Sung Bae. / Malware detection using deep transferred generative adversarial networks. Neural Information Processing - 24th International Conference, ICONIP 2017, Proceedings. editor / Yuanqing Li ; Derong Liu ; Shengli Xie ; El-Sayed M. El-Alfy ; Dongbin Zhao. Springer Verlag, 2017. pp. 556-564 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{2129797e4f5b4b89937c958251dce875,

title = "Malware detection using deep transferred generative adversarial networks",

abstract = "Malicious software is generated with more and more modified features of which the methods to detect malicious software use characteristics. Automatic classification of malicious software is efficient because it does not need to store all characteristic. In this paper, we propose a transferred generative adversarial network (tGAN) for automatic classification and detection of the zero-day attack. Since the GAN is unstable in training process, often resulting in generator that produces nonsensical outputs, a method to pre-train GAN with autoencoder structure is proposed. We analyze the detector, and the performance of the detector is visualized by observing the clustering pattern of malicious software using t-SNE algorithm. The proposed model gets the best performance compared with the conventional machine learning algorithms.",

author = "Kim, {Jin Young} and Bu, {Seok Jun} and Cho, {Sung Bae}",

note = "Funding Information: This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD160066BD). Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.; 24th International Conference on Neural Information Processing, ICONIP 2017 ; Conference date: 14-11-2017 Through 18-11-2017",

year = "2017",

doi = "10.1007/978-3-319-70087-8_58",

language = "English",

isbn = "9783319700861",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "556--564",

editor = "Yuanqing Li and Derong Liu and Shengli Xie and El-Alfy, {El-Sayed M.} and Dongbin Zhao",

booktitle = "Neural Information Processing - 24th International Conference, ICONIP 2017, Proceedings",

address = "Germany",

}

Kim, JY, Bu, SJ & Cho, SB 2017, Malware detection using deep transferred generative adversarial networks. in Y Li, D Liu, S Xie, E-SM El-Alfy & D Zhao (eds), Neural Information Processing - 24th International Conference, ICONIP 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10634 LNCS, Springer Verlag, pp. 556-564, 24th International Conference on Neural Information Processing, ICONIP 2017, Guangzhou, China, 17/11/14. https://doi.org/10.1007/978-3-319-70087-8_58

Malware detection using deep transferred generative adversarial networks. / Kim, Jin Young; Bu, Seok Jun; Cho, Sung Bae.
Neural Information Processing - 24th International Conference, ICONIP 2017, Proceedings. ed. / Yuanqing Li; Derong Liu; Shengli Xie; El-Sayed M. El-Alfy; Dongbin Zhao. Springer Verlag, 2017. p. 556-564 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10634 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Malware detection using deep transferred generative adversarial networks

AU - Kim, Jin Young

AU - Bu, Seok Jun

AU - Cho, Sung Bae

N1 - Funding Information: This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD160066BD). Publisher Copyright: © Springer International Publishing AG 2017.

PY - 2017

Y1 - 2017

N2 - Malicious software is generated with more and more modified features of which the methods to detect malicious software use characteristics. Automatic classification of malicious software is efficient because it does not need to store all characteristic. In this paper, we propose a transferred generative adversarial network (tGAN) for automatic classification and detection of the zero-day attack. Since the GAN is unstable in training process, often resulting in generator that produces nonsensical outputs, a method to pre-train GAN with autoencoder structure is proposed. We analyze the detector, and the performance of the detector is visualized by observing the clustering pattern of malicious software using t-SNE algorithm. The proposed model gets the best performance compared with the conventional machine learning algorithms.

AB - Malicious software is generated with more and more modified features of which the methods to detect malicious software use characteristics. Automatic classification of malicious software is efficient because it does not need to store all characteristic. In this paper, we propose a transferred generative adversarial network (tGAN) for automatic classification and detection of the zero-day attack. Since the GAN is unstable in training process, often resulting in generator that produces nonsensical outputs, a method to pre-train GAN with autoencoder structure is proposed. We analyze the detector, and the performance of the detector is visualized by observing the clustering pattern of malicious software using t-SNE algorithm. The proposed model gets the best performance compared with the conventional machine learning algorithms.

UR - http://www.scopus.com/inward/record.url?scp=85035114862&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85035114862&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-70087-8_58

DO - 10.1007/978-3-319-70087-8_58

M3 - Conference contribution

AN - SCOPUS:85035114862

SN - 9783319700861

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 556

EP - 564

BT - Neural Information Processing - 24th International Conference, ICONIP 2017, Proceedings

A2 - Li, Yuanqing

A2 - Liu, Derong

A2 - Xie, Shengli

A2 - El-Alfy, El-Sayed M.

A2 - Zhao, Dongbin

PB - Springer Verlag

T2 - 24th International Conference on Neural Information Processing, ICONIP 2017

Y2 - 14 November 2017 through 18 November 2017

ER -

Kim JY, Bu SJ, Cho SB. Malware detection using deep transferred generative adversarial networks. In Li Y, Liu D, Xie S, El-Alfy E-SM, Zhao D, editors, Neural Information Processing - 24th International Conference, ICONIP 2017, Proceedings. Springer Verlag. 2017. p. 556-564. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-70087-8_58

Malware detection using deep transferred generative adversarial networks

Abstract

Publication series

Other

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this