Generative Adversarial Networks for Dynamic Malware Behavior: A Comprehensive Review, Categorization, and Analysis

Ghebrebrhan Gebrehans; Naveed Ilyas; Khouloud Eledlebi; Willian T. Lunardi; Martin Andreoni; Chan Yeob Yeun; Ernesto Damiani

doi:10.1109/TAI.2025.3537966

Generative Adversarial Networks for Dynamic Malware Behavior: A Comprehensive Review, Categorization, and Analysis

Ghebrebrhan Gebrehans
, Naveed Ilyas
, Khouloud Eledlebi
, Willian T. Lunardi
, Martin Andreoni
, Chan Yeob Yeun
, Ernesto Damiani

Computer Science

University of California at Riverside

Research output: Contribution to journal › Review article › peer-review

9 Scopus citations

Abstract

This paper highlights the critical role of Machine Learning (ML) in combating the dynamic nature of cybersecurity threats. Unlike previous studies focusing mainly on static analysis, this work surveys the literature on dynamic analysis-based malware generation and detection. The study addresses the complexities of applying GANs to tabular data with heavy-tailed and multimodal distributions. It also examines the challenges of generating sequential malware behavior data and categorizes GAN-based models and their primary use cases. Furthermore, the paper evaluates adversarial losses and their limitations in generating dynamic malware behavior. Finally, it identifies existing metrics to assess GAN generalization in malware research and suggests future research directions based on identified limitations.

Original language	British English
Journal	IEEE Transactions on Artificial Intelligence
DOIs	https://doi.org/10.1109/TAI.2025.3537966
State	Accepted/In press - 2025

Keywords

Adversarial Training, Data imbalance
Dynamic analysis
Generative Adversarial Networks (GAN)
Polymorphic malware
Synthetic Malware Generation

Access to Document

10.1109/TAI.2025.3537966

Cite this

@article{037a98aa80a446189f7f8dee341fa051,

title = "Generative Adversarial Networks for Dynamic Malware Behavior: A Comprehensive Review, Categorization, and Analysis",

abstract = "This paper highlights the critical role of Machine Learning (ML) in combating the dynamic nature of cybersecurity threats. Unlike previous studies focusing mainly on static analysis, this work surveys the literature on dynamic analysis-based malware generation and detection. The study addresses the complexities of applying GANs to tabular data with heavy-tailed and multimodal distributions. It also examines the challenges of generating sequential malware behavior data and categorizes GAN-based models and their primary use cases. Furthermore, the paper evaluates adversarial losses and their limitations in generating dynamic malware behavior. Finally, it identifies existing metrics to assess GAN generalization in malware research and suggests future research directions based on identified limitations.",

keywords = "Adversarial Training, Data imbalance, Dynamic analysis, Generative Adversarial Networks (GAN), Polymorphic malware, Synthetic Malware Generation",

author = "Ghebrebrhan Gebrehans and Naveed Ilyas and Khouloud Eledlebi and Lunardi, \{Willian T.\} and Martin Andreoni and Yeun, \{Chan Yeob\} and Ernesto Damiani",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.",

year = "2025",

doi = "10.1109/TAI.2025.3537966",

language = "British English",

}

TY - JOUR

T1 - Generative Adversarial Networks for Dynamic Malware Behavior

T2 - A Comprehensive Review, Categorization, and Analysis

AU - Gebrehans, Ghebrebrhan

AU - Ilyas, Naveed

AU - Eledlebi, Khouloud

AU - Lunardi, Willian T.

AU - Andreoni, Martin

AU - Yeun, Chan Yeob

AU - Damiani, Ernesto

PY - 2025

Y1 - 2025

N2 - This paper highlights the critical role of Machine Learning (ML) in combating the dynamic nature of cybersecurity threats. Unlike previous studies focusing mainly on static analysis, this work surveys the literature on dynamic analysis-based malware generation and detection. The study addresses the complexities of applying GANs to tabular data with heavy-tailed and multimodal distributions. It also examines the challenges of generating sequential malware behavior data and categorizes GAN-based models and their primary use cases. Furthermore, the paper evaluates adversarial losses and their limitations in generating dynamic malware behavior. Finally, it identifies existing metrics to assess GAN generalization in malware research and suggests future research directions based on identified limitations.

AB - This paper highlights the critical role of Machine Learning (ML) in combating the dynamic nature of cybersecurity threats. Unlike previous studies focusing mainly on static analysis, this work surveys the literature on dynamic analysis-based malware generation and detection. The study addresses the complexities of applying GANs to tabular data with heavy-tailed and multimodal distributions. It also examines the challenges of generating sequential malware behavior data and categorizes GAN-based models and their primary use cases. Furthermore, the paper evaluates adversarial losses and their limitations in generating dynamic malware behavior. Finally, it identifies existing metrics to assess GAN generalization in malware research and suggests future research directions based on identified limitations.

KW - Adversarial Training, Data imbalance

KW - Dynamic analysis

KW - Generative Adversarial Networks (GAN)

KW - Polymorphic malware

KW - Synthetic Malware Generation

UR - https://www.scopus.com/pages/publications/85217486017

U2 - 10.1109/TAI.2025.3537966

DO - 10.1109/TAI.2025.3537966

M3 - Review article

AN - SCOPUS:85217486017

JO - IEEE Transactions on Artificial Intelligence

JF - IEEE Transactions on Artificial Intelligence

ER -

Generative Adversarial Networks for Dynamic Malware Behavior: A Comprehensive Review, Categorization, and Analysis

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this