Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal

Yanchen Qiao; Bowen Li; Weizhe Zhang; Yu Zhang; Shudong Li

doi:10.1007/978-981-96-4503-9_20

Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal

Yanchen Qiao
, Bowen Li
, Weizhe Zhang^*
, Yu Zhang
, Shudong Li

^*Corresponding author for this work

Faculty of Computing

Pengcheng Laboratory
Harbin Institute of Technology
Guangzhou University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Packing is a prevalent method employed by malware to evade antivirus software. Early on, there were fewer instances of benign software being packed, leading to biases in datasets collected by antivirus vendors. These biases have caused malware detection engines based on deep learning to overly rely on features from the packed regions. With the increasing use of packing techniques for purposes such as copyright protection, more benign software applications are susceptible to being misclassified as malware. Balancing effective malware detection while mitigating false positives for benign packed software is a pressing issue. To address this challenge, we propose an optimization framework for malware detection based on adversarial networks and gradient reversal. By integrating adversarial networks and gradient reversal techniques, this framework diminishes the reliance on packing-related features during malware detection, prompting deep learning models to prioritize features unrelated to packing. Experimental results demonstrate that our framework significantly enhances malware detection accuracy, particularly showcasing robust capabilities in detecting newly packed malware.

Original language	English
Title of host publication	Cyberspace Simulation and Evaluation - 3rd International Conference, CSE 2024, Proceedings
Editors	Guangxia Xu, Guangxia Xu, Wanlei Zhou, Jiawei Zhang, Yanchun Zhang, Yan Jia
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	295-309
Number of pages	15
ISBN (Print)	9789819645022
DOIs	https://doi.org/10.1007/978-981-96-4503-9_20
State	Published - 2025
Event	3rd International Conference on Cyberspace Simulation and Evaluation, CSE 2024 - Shenzhen, China Duration: 26 Nov 2024 → 28 Nov 2024

Publication series

Name	Communications in Computer and Information Science
Volume	2420 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	3rd International Conference on Cyberspace Simulation and Evaluation, CSE 2024
Country/Territory	China
City	Shenzhen
Period	26/11/24 → 28/11/24

Keywords

Adversarial network
Gradient reversal
Malware
Optimization framework

Access to Document

10.1007/978-981-96-4503-9_20

Cite this

Qiao, Y., Li, B., Zhang, W., Zhang, Y., & Li, S. (2025). Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal. In G. Xu, G. Xu, W. Zhou, J. Zhang, Y. Zhang, & Y. Jia (Eds.), Cyberspace Simulation and Evaluation - 3rd International Conference, CSE 2024, Proceedings (pp. 295-309). (Communications in Computer and Information Science; Vol. 2420 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-96-4503-9_20

Qiao, Yanchen ; Li, Bowen ; Zhang, Weizhe et al. / Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal. Cyberspace Simulation and Evaluation - 3rd International Conference, CSE 2024, Proceedings. editor / Guangxia Xu ; Guangxia Xu ; Wanlei Zhou ; Jiawei Zhang ; Yanchun Zhang ; Yan Jia. Springer Science and Business Media Deutschland GmbH, 2025. pp. 295-309 (Communications in Computer and Information Science).

@inproceedings{08aba7c174a84b2db3705d5f4e83e6e0,

title = "Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal",

abstract = "Packing is a prevalent method employed by malware to evade antivirus software. Early on, there were fewer instances of benign software being packed, leading to biases in datasets collected by antivirus vendors. These biases have caused malware detection engines based on deep learning to overly rely on features from the packed regions. With the increasing use of packing techniques for purposes such as copyright protection, more benign software applications are susceptible to being misclassified as malware. Balancing effective malware detection while mitigating false positives for benign packed software is a pressing issue. To address this challenge, we propose an optimization framework for malware detection based on adversarial networks and gradient reversal. By integrating adversarial networks and gradient reversal techniques, this framework diminishes the reliance on packing-related features during malware detection, prompting deep learning models to prioritize features unrelated to packing. Experimental results demonstrate that our framework significantly enhances malware detection accuracy, particularly showcasing robust capabilities in detecting newly packed malware.",

keywords = "Adversarial network, Gradient reversal, Malware, Optimization framework",

author = "Yanchen Qiao and Bowen Li and Weizhe Zhang and Yu Zhang and Shudong Li",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.; 3rd International Conference on Cyberspace Simulation and Evaluation, CSE 2024 ; Conference date: 26-11-2024 Through 28-11-2024",

year = "2025",

doi = "10.1007/978-981-96-4503-9\_20",

language = "英语",

isbn = "9789819645022",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "295--309",

editor = "Guangxia Xu and Guangxia Xu and Wanlei Zhou and Jiawei Zhang and Yanchun Zhang and Yan Jia",

booktitle = "Cyberspace Simulation and Evaluation - 3rd International Conference, CSE 2024, Proceedings",

address = "德国",

}

Qiao, Y, Li, B, Zhang, W, Zhang, Y & Li, S 2025, Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal. in G Xu, G Xu, W Zhou, J Zhang, Y Zhang & Y Jia (eds), Cyberspace Simulation and Evaluation - 3rd International Conference, CSE 2024, Proceedings. Communications in Computer and Information Science, vol. 2420 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 295-309, 3rd International Conference on Cyberspace Simulation and Evaluation, CSE 2024, Shenzhen, China, 26/11/24. https://doi.org/10.1007/978-981-96-4503-9_20

Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal. / Qiao, Yanchen; Li, Bowen; Zhang, Weizhe et al.
Cyberspace Simulation and Evaluation - 3rd International Conference, CSE 2024, Proceedings. ed. / Guangxia Xu; Guangxia Xu; Wanlei Zhou; Jiawei Zhang; Yanchun Zhang; Yan Jia. Springer Science and Business Media Deutschland GmbH, 2025. p. 295-309 (Communications in Computer and Information Science; Vol. 2420 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal

AU - Qiao, Yanchen

AU - Li, Bowen

AU - Zhang, Weizhe

AU - Zhang, Yu

AU - Li, Shudong

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.

PY - 2025

Y1 - 2025

N2 - Packing is a prevalent method employed by malware to evade antivirus software. Early on, there were fewer instances of benign software being packed, leading to biases in datasets collected by antivirus vendors. These biases have caused malware detection engines based on deep learning to overly rely on features from the packed regions. With the increasing use of packing techniques for purposes such as copyright protection, more benign software applications are susceptible to being misclassified as malware. Balancing effective malware detection while mitigating false positives for benign packed software is a pressing issue. To address this challenge, we propose an optimization framework for malware detection based on adversarial networks and gradient reversal. By integrating adversarial networks and gradient reversal techniques, this framework diminishes the reliance on packing-related features during malware detection, prompting deep learning models to prioritize features unrelated to packing. Experimental results demonstrate that our framework significantly enhances malware detection accuracy, particularly showcasing robust capabilities in detecting newly packed malware.

AB - Packing is a prevalent method employed by malware to evade antivirus software. Early on, there were fewer instances of benign software being packed, leading to biases in datasets collected by antivirus vendors. These biases have caused malware detection engines based on deep learning to overly rely on features from the packed regions. With the increasing use of packing techniques for purposes such as copyright protection, more benign software applications are susceptible to being misclassified as malware. Balancing effective malware detection while mitigating false positives for benign packed software is a pressing issue. To address this challenge, we propose an optimization framework for malware detection based on adversarial networks and gradient reversal. By integrating adversarial networks and gradient reversal techniques, this framework diminishes the reliance on packing-related features during malware detection, prompting deep learning models to prioritize features unrelated to packing. Experimental results demonstrate that our framework significantly enhances malware detection accuracy, particularly showcasing robust capabilities in detecting newly packed malware.

KW - Adversarial network

KW - Gradient reversal

KW - Malware

KW - Optimization framework

UR - https://www.scopus.com/pages/publications/105005390573

U2 - 10.1007/978-981-96-4503-9_20

DO - 10.1007/978-981-96-4503-9_20

M3 - 会议稿件

AN - SCOPUS:105005390573

SN - 9789819645022

T3 - Communications in Computer and Information Science

SP - 295

EP - 309

BT - Cyberspace Simulation and Evaluation - 3rd International Conference, CSE 2024, Proceedings

A2 - Xu, Guangxia

A2 - Zhou, Wanlei

A2 - Zhang, Jiawei

A2 - Zhang, Yanchun

A2 - Jia, Yan

PB - Springer Science and Business Media Deutschland GmbH

T2 - 3rd International Conference on Cyberspace Simulation and Evaluation, CSE 2024

Y2 - 26 November 2024 through 28 November 2024

ER -

Qiao Y, Li B, Zhang W, Zhang Y, Li S. Optimization Framework for Malware Detection Based on Adversarial Networks and Gradient Reversal. In Xu G, Xu G, Zhou W, Zhang J, Zhang Y, Jia Y, editors, Cyberspace Simulation and Evaluation - 3rd International Conference, CSE 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 295-309. (Communications in Computer and Information Science). doi: 10.1007/978-981-96-4503-9_20