A Generalized Unknown Malware Classification

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2022)

Abstract

Although state-of-the-art image-based malware classification models give the best performance, these models fail to consider real-world deployment challenges due to various reasons. We address three such problems through this work: limited dataset problems, imbalanced dataset problems, and lack of model generalizability. We employ a prototypical network-based few-shot learning method for a limited dataset problem and achieve 98.71% accuracy while training with only four malware samples of each class. To address the imbalanced dataset problem, we propose a class-weight technique to increase the weightage of minority classes during the training. The model performs well by improving precision and recall from 0% to close to 60% for the minority class. For the generalized model, we present a meta-learning-based approach and improve model performance from 48% to 72.06% accuracy. We report performances on five diverse datasets. The proposed solutions have the potential to set benchmark performance for their corresponding problem statements.
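
An added sketch, not the paper's code, of two mechanisms the abstract names: nearest-prototype classification from four support samples per class, and class weighting of the loss. The byte-histogram `embed`, the inverse-frequency weight formula and the synthetic byte strings are assumptions; a prototypical network would learn the embedding from malware images.

```python
import math

def embed(sample: bytes, bins: int = 8) -> list[float]:
    """Stand-in embedding (assumption): normalised coarse byte histogram.
    A trained prototypical network would replace this with a learned CNN."""
    hist = [0.0] * bins
    for b in sample:
        hist[b * bins // 256] += 1.0
    n = max(len(sample), 1)
    return [h / n for h in hist]

def prototypes(support: dict[str, list[bytes]]) -> dict[str, list[float]]:
    """Class prototype = mean embedding of that class's support samples."""
    protos = {}
    for label, samples in support.items():
        vecs = [embed(s) for s in samples]
        protos[label] = [sum(col) / len(vecs) for col in zip(*vecs)]
    return protos

def class_probs(query: bytes, protos: dict[str, list[float]]) -> dict[str, float]:
    """Softmax over negative squared Euclidean distance to each prototype."""
    q = embed(query)
    logits = {c: -sum((a - b) ** 2 for a, b in zip(q, p)) for c, p in protos.items()}
    m = max(logits.values())
    z = sum(math.exp(v - m) for v in logits.values())
    return {c: math.exp(v - m) / z for c, v in logits.items()}

def predict(query: bytes, protos: dict[str, list[float]]) -> str:
    """Label of the nearest prototype."""
    probs = class_probs(query, protos)
    return max(probs, key=probs.get)

def class_weights(counts: dict[str, int]) -> dict[str, float]:
    """Inverse-frequency weights (assumed formula): total / (n_classes * count)."""
    total = sum(counts.values())
    return {c: total / (len(counts) * n) for c, n in counts.items()}

def weighted_loss(queries, protos, weights) -> float:
    """Class-weighted cross-entropy over (sample, true_label) query pairs."""
    num = sum(-weights[y] * math.log(class_probs(x, protos)[y]) for x, y in queries)
    return num / sum(weights[y] for _, y in queries)

# Constructed 4-shot support set: synthetic byte strings, not real malware.
SUPPORT = {
    "family_a": [bytes([i]) * 200 + bytes([200 + i]) * 20 for i in range(4)],
    "family_b": [bytes([128 + i]) * 200 + bytes([i]) * 20 for i in range(4)],
}
```

With these weights, an error on the minority class contributes more to the training loss than the same error on the majority class, which is the effect the abstract attributes to class weighting.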

Notes

  1. https://bazaar.abuse.ch/

Acknowledgement

We thank the C3i (Cyber Security and Cyber Security for Cyber-Physical Systems) Innovation Hub for partially funding this research project.

Author information

Corresponding author

Correspondence to Priyanka Bagade.

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Rani, N., Mishra, A., Kumar, R., Ghosh, S., Shukla, S.K., Bagade, P. (2023). A Generalized Unknown Malware Classification. In: Li, F., Liang, K., Lin, Z., Katsikas, S.K. (eds) Security and Privacy in Communication Networks. SecureComm 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 462. Springer, Cham. https://doi.org/10.1007/978-3-031-25538-0_41

  • DOI: https://doi.org/10.1007/978-3-031-25538-0_41

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25537-3

  • Online ISBN: 978-3-031-25538-0

  • eBook Packages: Computer Science (R0)
