Towards time evolved malware identification using two-head neural network

Deep learning-based malware detection plays an important role in cybersecurity in recent years. However, with the increasing complexity of malware and the continuous development of anti-detection techniques, a lot of malicious programs evolve over time. As a result, the deep learning-based methods may fail to recognize these time evolved malware samples, which poses a critical challenge to deploy the deep learning models in practice. In this paper, we first implement two well-known deep learning-based malware detection models: MalConv and TextCNN. From our experiments that divide the dataset according to the timestamp information for model training and testing, we found the detection performance of the two models both decline obviously when they process the time evolved malware. To address this problem, we propose an anomaly detection approach based on two-head neural network. This method can identify the time evolved samples. These samples would make the previous trained deep learning models misclassified. The experiments show that the malware detection accuracies can be improved by 8.62% for MalConv and 13.12% for TextCNN after the identified samples are filtered. This indicates that our method could effectively improve the usability of the pre-trained models on processing the new data. Moreover, the experimental results are well studied.