Self-evolving Malware Detection for Cyber Security using Network Traffic and Incremental Learning
Malware detection is an important step in network security. Traditional malware detection methods lack the ability to learn, understand, process, and apply the characteristics of network traffic data accurately and in a relatively short time. They also cannot learn new tasks without forgetting the old tasks. In this paper, we propose a self-evolving malware detection (SEMD) method using network traffic and incremental learning. Incremental learning (IL) is one of the important methods in deep learning; it can learn new tasks without forgetting the old tasks. Its loss function draws on the idea of knowledge distillation. Experimental results show that the proposed method can recognize both old tasks and new tasks (overcoming the problem of catastrophic network forgetting). The performance of the proposed SEMD method is also better than that of the general incremental learning method without self-evolving.