A Survey on Artificial Intelligence in Malware as Next-Generation Threats

  • Cong Truong Thanh
  • Ivan Zelinka
Keywords: Artificial intelligence, machine learning, malware, computer virus, security, swarm intelligence


Recent developments in artificial intelligence (AI) have vast transformative potential for both cybersecurity defenders and cybercriminals. Anti-malware solutions adopt intelligent techniques to detect and prevent threats to the digital space. Cybercriminals, in contrast, are aware of the new prospects too and will probably try to use them in their activities. This survey aims to provide an overview of the ways artificial intelligence can be used to power a malicious program, namely: intelligent evasion techniques, autonomous malware, AI against itself, and the application of bio-inspired computation and swarm intelligence.


How to Cite
Thanh, C. and Zelinka, I. 2019. A Survey on Artificial Intelligence in Malware as Next-Generation Threats. MENDEL. 25, 2 (Dec. 2019), 27-34. DOI: https://doi.org/10.13164/mendel.2019.2.027.