DART: Detecting Unseen Malware Variants using Adaptation Regularization Transfer Learning

Abstract

Network traffic analysis has been widely used for detecting malware in large-scale networks. Nevertheless, emerging malware variants and zero-day exploits keep posing significant challenges to malware detection systems. In this paper, we propose DART, a framework for detecting malicious network traffic based on Adaptation Regularization Transfer Learning (ARTL), which effectively copes with the unseen malware variants problem. Specifically, DART trains the adaptive classifier by simultaneously optimizing three factors: (i) the structural risk function; (ii) the joint distribution discrepancy between the known malware domain and the unseen malware variants domain; and (iii) the manifold consistency underlying the marginal distribution. In addition, DART also works with encrypted network traffic, since it does not leverage information related to the packet content. We assess the effectiveness and efficiency of our proposal with a thorough set of experiments. DART achieves over 90% F-measure and 91% recall, outperforming conventional traffic classification methods and other state-of-the-art intrusion detection systems.
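The three factors listed above map onto the three regularization terms of the general ARTL objective. The following is an added illustration of that objective, not a formulation taken from the paper (whose exact instantiation is not given on this page); the notation is assumed here: labelled source flows $(x_i, y_i)$, $i = 1..n_s$, from known malware, unlabelled target flows $x_j$, $j = n_s+1..n_s+n_t$, from unseen variants, a kernel $K$ over flow-level (content-free) features, and trade-off weights $\sigma, \lambda, \gamma$.

$$
f^{*} = \arg\min_{f \in \mathcal{H}_K}
\underbrace{\sum_{i=1}^{n_s} \ell\big(f(x_i), y_i\big) + \sigma \|f\|_K^2}_{\text{(i) structural risk}}
+ \underbrace{\lambda\, D_{f,K}(J_s, J_t)}_{\text{(ii) joint distribution}}
+ \underbrace{\gamma\, M_{f,K}(P_s, P_t)}_{\text{(iii) manifold consistency}}
$$

The joint-distribution term is the maximum mean discrepancy of the marginals plus a class-conditional discrepancy per class $c = 1..C$, both measured in the RKHS of $K$:

$$
D_{f,K}(P_s, P_t) = \Big\| \frac{1}{n_s}\sum_{i=1}^{n_s} f(x_i) - \frac{1}{n_t}\sum_{j=n_s+1}^{n_s+n_t} f(x_j) \Big\|_{\mathcal{H}}^2,
\qquad
D_{f,K}(J_s, J_t) = D_{f,K}(P_s, P_t) + \sum_{c=1}^{C} D_{f,K}\big(Q_s^{(c)}, Q_t^{(c)}\big)
$$

The manifold term penalizes predictions that differ across neighbouring flows, with $W_{ij}$ a nearest-neighbour affinity graph built over source and target flows together:

$$
M_{f,K}(P_s, P_t) = \sum_{i,j=1}^{n_s+n_t} W_{ij}\big(f(x_i) - f(x_j)\big)^2
$$

Because target labels are unavailable, the class-conditional terms $Q_t^{(c)}$ are computed from pseudo-labels predicted by the current classifier and refined iteratively; a defender evaluating such a detector should check how sensitive its recall on unseen variants is to pseudo-label errors in early iterations.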

Publication
IEEE International Conference on Communications
