Task-Aware Meta Learning-based Siamese Neural Network for Classifying Obfuscated Malware (2110.13409v3)
Abstract: Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the training dataset, resulting in high false-positive rates. To address this issue, we propose a novel task-aware few-shot-learning-based Siamese Neural Network that is resilient against the presence of malware variants affected by such control flow obfuscation techniques. Using the average entropy features of each malware family as inputs, in addition to the image features, our model generates the parameters for the feature layers, to more accurately adjust the feature embedding for different malware families, each of which has obfuscated malware variants. In addition, our proposed method can classify malware classes, even if there are only one or a few training samples available. Our model utilizes few-shot learning with the extracted features of a pre-trained network (e.g., VGG-16), to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family, even in the presence of obfuscated malware variants. Our experimental results, validated by N-way on N-shot learning, show that our model is highly effective in classification accuracy, exceeding a rate of 91%, compared to other similar methods.