A Survey of the Recent Trends in Deep Learning Based Malware Detection

• Published in: Journal of cybersecurity and privacy Vol. 2; no. 4; pp. 800 - 829
• Main Authors: Tayyab, Umm-e-Hani, Khan, Faiza Babar, Durad, Muhammad Hanif, Khan, Asifullah, Lee, Yeon Soo
• Format: Journal Article
• Language: English
• Published: Washington MDPI AG 28.09.2022
• Subjects: Classification; Comparative analysis; Computer viruses; Cyber Attacks; Cybercrime; Datasets; Deep Learning; few shot learning; Infrastructure; Machine learning; Malware; Nuclear power plants; Ransomware; Small business; Statistical analysis; Trends
• ISSN: 2624-800X; 2624-800X
• DOI: 10.3390/jcp2040041

Monitoring Indicators of Compromise (IOC) leads to malware detection for identifying malicious activity. Malicious activities potentially lead to a system breach or data compromise. Various tools and anti-malware products exist for the detection of malware and cyberattacks utilizing IOCs, but all have several shortcomings. For instance, anti-malware systems make use of malware signatures, requiring a database containing such signatures to be constantly updated. Additionally, this technique does not work for zero-day attacks or variants of existing malware. In the quest to fight zero-day attacks, the research paradigm shifted from primitive methods to classical machine learning-based methods. Primitive methods are limited in catering to anti-analysis techniques against zero-day attacks. Hence, the direction of research moved towards methods utilizing classic machine learning, however, machine learning methods also come with certain limitations. They may include but not limited to the latency/lag introduced by feature-engineering phase on the entire training dataset as opposed to the real-time analysis requirement. Likewise, additional layers of data engineering to cater to the increasing volume of data introduces further delays. It led to the use of deep learning-based methods for malware detection. With the speedy occurrence of zero-day malware, researchers chose to experiment with few shot learning so that reliable solutions can be produced for malware detection with even a small amount of data at hand for training. In this paper, we surveyed several possible strategies to support the real-time detection of malware and propose a hierarchical model to discover security events or threats in real-time. A key focus in this survey is on the use of Deep Learning-based methods. Deep Learning based methods dominate this research area by providing automatic feature engineering, the capability of dealing with large datasets, enabling the mining of features from limited data samples, and supporting one-shot learning. We compare Deep Learning-based approaches with conventional machine learning based approaches and primitive (statistical analysis based) methods commonly reported in the literature.