TY - JOUR
T1 - AEDGAN: A Semi-Supervised Deep Learning Model for Zero-Day Malware Detection
AU - Saeed, Faisal
AU - Ali, Abdullah Marish
AU - Ghaleb, Fuad A.
PY - 2025/3/31
Y1 - 2025/3/31
N2 - Malware presents an increasing threat to cyberspace, drawing significant attention from researchers and industry professionals. Many solutions have been proposed for malware detection; however, zero-day malware detection remains challenging due to the evasive techniques used by malware authors and the limitations of existing solutions. Traditional supervised learning methods assume a fixed relationship between malware and their class labels over time, but this assumption does not hold in the ever-changing landscape of evasive malware and its variants. That is, malware developers intentionally design malicious software to share features with benign programs, making zero-day malware. This study introduces the AEDGAN model, a zero-day malware detection framework based on a semi-supervised learning approach. The model leverages a generative adversarial network (GAN), an autoencoder, and a convolutional neural network (CNN) classifier to build an anomaly-based detection system. The GAN is used to learn representations of benign applications, while the autoencoder extracts latent features that effectively characterize benign samples. The CNN classifier is trained on an integrated feature vector that combines the latent features from the autoencoder with hidden features extracted by the GAN’s discriminator. Extensive experiments were conducted to evaluate the model’s effectiveness. Results from two benchmark datasets show that the AEDGAN model outperforms existing solutions, achieving a 5% improvement in overall accuracy and an 11% reduction in false alarms compared to the best-performing related model.
AB - Malware presents an increasing threat to cyberspace, drawing significant attention from researchers and industry professionals. Many solutions have been proposed for malware detection; however, zero-day malware detection remains challenging due to the evasive techniques used by malware authors and the limitations of existing solutions. Traditional supervised learning methods assume a fixed relationship between malware and their class labels over time, but this assumption does not hold in the ever-changing landscape of evasive malware and its variants. That is, malware developers intentionally design malicious software to share features with benign programs, making zero-day malware. This study introduces the AEDGAN model, a zero-day malware detection framework based on a semi-supervised learning approach. The model leverages a generative adversarial network (GAN), an autoencoder, and a convolutional neural network (CNN) classifier to build an anomaly-based detection system. The GAN is used to learn representations of benign applications, while the autoencoder extracts latent features that effectively characterize benign samples. The CNN classifier is trained on an integrated feature vector that combines the latent features from the autoencoder with hidden features extracted by the GAN’s discriminator. Extensive experiments were conducted to evaluate the model’s effectiveness. Results from two benchmark datasets show that the AEDGAN model outperforms existing solutions, achieving a 5% improvement in overall accuracy and an 11% reduction in false alarms compared to the best-performing related model.
UR - https://www.open-access.bcu.ac.uk/16406/
U2 - 10.14569/IJACSA.2025.0160375
DO - 10.14569/IJACSA.2025.0160375
M3 - Article
SN - 2158-107X
VL - 16
SP - 759
EP - 769
JO - International Journal of Advanced Computer Science and Applications
JF - International Journal of Advanced Computer Science and Applications
IS - 3
ER -