Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders

Jin Young Kim, Seok Jun Bu, Sung Bae Cho

Research output: Contribution to journalArticlepeer-review

142 Citations (Scopus)


Detecting malicious software (malware) is important for computer security. Among the different types of malware, zero-day malware is problematic because it cannot be removed by antivirus systems. Existing malware detection mechanisms use stored malware characteristics, which hinders detecting zero-day attacks where altered malware is generated to avoid detection by antivirus systems. To detect malware including zero-day attacks robustly, this paper proposes a novel method called transferred deep-convolutional generative adversarial network (tDCGAN), which generates fake malware and learns to distinguish it from real malware. The data generated from a random distribution are similar but not identical to the real data: it includes modified features compared with real data. The detector learns various malware features using real data and modified data generated by the tDCGAN based on a deep autoencoder (DAE), which extracts appropriate features and stabilizes the GAN training. Before training the GAN, the DAE learns malware characteristics, produces general data, and transfers this capacity for stable training of the GAN generator. The trained discriminator passes down the ability to capture malware features to the detector, using transfer learning. We show that tDCGAN achieves 95.74% average classification accuracy which is higher than that of other models and increases the learning stability. It is also the most robust against modeled zero-day attacks compared to others.

Original languageEnglish
Pages (from-to)83-102
Number of pages20
JournalInformation sciences
Publication statusPublished - 2018 Sept

Bibliographical note

Funding Information:
This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract. ( UD160066BD )

Publisher Copyright:
© 2018 Elsevier Inc.

All Science Journal Classification (ASJC) codes

  • Software
  • Control and Systems Engineering
  • Theoretical Computer Science
  • Computer Science Applications
  • Information Systems and Management
  • Artificial Intelligence


Dive into the research topics of 'Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders'. Together they form a unique fingerprint.

Cite this