Abstract
The proliferation of malware has resulted in substantial harm to various sectors and economies. Various deep learning-based malware classification methods have been suggested as a means of mitigating malware threats. These methods typically operate under the assumption of independent and identically distributed training and test data. However, this assumption becomes invalid with the evolving malware family. While domain adaptation models offer a potential solution to this issue, their implementation is hindered by the difficulty of collecting new malware variants. In order to address the previously mentioned problem, we suggest an image-based technique for categorizing malware families utilizing domain generalization. Initially, malware is transformed into gray-scale images that depict byte patterns of the malware. Subsequently, these gray-scale images are fed into a model incorporating convolutional block attention to extract features. Furthermore, data augmentation is implemented at the feature level to broaden the distribution of the source domain and enhance the model’s generalization capabilities. Finally, meta-learning is utilized as a training approach to effectively extract domain-invariant representations. A series of experiments are conducted on the BIG2015 and BenchMFC-G1P1P2. The proposed method demonstrates a higher accuracy rate of 88.66% on the BIG2015 and 80.25% on the BenchMFC-G1P1P2, which is better than the existing methods.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Malware Statistics [EB/OL]. https://portal.av-atlas.org/malware/statistics. Accessed 20 May 2024
Gibert, D., Mateu, C., Planes, J., Vicens, R.: Using convolutional neural networks for classification of malware represented as images. J. Comput. Virol. Hack. Tech. 15(2), 15–28 (2019)
Kumar, S., Janet, B.: Dtmic: deep transfer learning for malware image classification. J. Inform. Secur. Appl. 64(103063), 1–18 (2022)
Rustam, F., Ashraf, I., Jurcut, A.D., Bashir, A.K., Zikria, Y.B.: Malware detection using image representation of malware data and transfer learning. J. Paral. Dist. Comput. 172(7), 32–50 (2023)
Alandjani, G.: Securing edge devices: malware classification with dual-attention deep network. Appl. Sci. 14(11), 4645 (2024)
Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware images: visualization and automatic classification. In: Proceedings of the 8th International Symposium on Visualization for Cyber Security, pp. 1–7 (2011)
Ma, Y., Liu, S., Jiang, J., Chen, G., Li, K.: A comprehensive study on learning-based PE malware family classification methods. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1314–1325 (2021)
Wang, F., Chai, G., Li, Q., Wang, C.: An efficient deep unsupervised domain adaptation for unknown malware detection. Symmetry 14(2), 296 (2022)
Qi, P., Wang, W., Zhu, L., Ng, S.K.: Unsupervised domain adaptation for static malware detection based on gradient boosting trees. In: Proceedings of the 30th ACM International Conference on Information & Knowledge Management, pp. 1457–1466 (2021)
Li, H., Chen, Z., Spolaor, R., Yan, Q., Zhao, C., Yang, B.: Dart: detecting unseen malware variants using adaptation regularization transfer learning. In: ICC 2019-2019 IEEE International Conference on Communications (ICC), pp. 1–6 (2019)
Bhardwaj, S., Li, A., Dave, M., Bertino, E.: Overcoming the lack of labeled data: training malware detection models using adversarial domain adaptation. Comput. Secur. 140(5), 103769 (2024)
Rani, N., Mishra, A., Kumar, R., Ghosh, S., Shukla, S.K., Bagade, P.: A generalized unknown malware classification. In: International Conference on Security and Privacy in Communication Systems, pp. 793–806 (2022)
Bosansky, B., Hospodkova, L., Najman, M., Rigaki, M., Babayeva, E., Lisy, V.: Counteracting concept drift by learning with future malware predictions. arXiv preprint arXiv:2404.09352 (2024)
Dietterich T G.: Ensemble methods in machine learning. In: International Workshop on Multiple Classifier Systems, pp. 1–15 (2000)
Zhou, K., Yang, Y., Qiao, Y., Xiang, T.: Mixstyle neural networks for domain generalization and adaptation. Int. J. Comput. Vis. 132(3), 822–836 (2024)
Woo, S., Park, J., Lee, J.Y., Kweon, I.S.: Cbam: convolutional block attention module. In: Proceedings of the European Conference on Computer Vision (ECCV), pp. 3–19 (2018)
Blanchard, G., Lee, G., Scott, C.: Generalizing from several related classification tasks to a new unlabeled sample. In: Advances in Neural Information Processing Systems (NIPS’11), pp. 2178–2186 (2011)
Li, D., Yang, Y., Song, Y., Hospedales, T.: Learning to generalize: meta-learning for domain generalization. In: Proceedings of the AAAI Conference on Artificial Intelligence, pp. 11–25 (2018)
Shu, Y., Cao, Z., Wang, C., Wang, J., Long, M.: Open domain generalization with domain-augmented meta-learning. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 9624–9633 (2021)
Zhou, K., Yang, Y., Qiao, Y., Xiang, T.: Domain adaptive ensemble learning. IEEE Trans. Image Proc. 30(4), 8008–8018 (2021)
Zhang, H., Cisse, M., Dauphin, Y.N., Lopez-Paz, D.: Mixup: beyond empirical risk minimization. In: International Conference on Learning Representations, pp. 1–13 (2018)
Yun, S., Han, D., Oh S.J. , Chun, S., Choe, J., Yoo, Y.: Cutmix: regularization strategy to train strong classifiers with localizable features. In: Proceedings of the IEEE/CVF International Conference on Computer Vision, pp. 6023–6032 (2019)
Zhou, K., Yang, Y., Hospedales, T., Xiang, T.: Deep domain-adversarial image generation for domain generalisation. In: Proceedings of the AAAI Conference on Artificial Intelligence, pp. 13025–13032 (2020)
Ronen, R., Radu, M., Feuerstein, C., Yom-Tov, E., Ahmadi, M.: Microsoft malware classification challenge. arXiv preprint arXiv:1802.10135 (2018)
Chen, Y., et al.: Achieving domain generalization for underwater object detection by domain mixup and contrastive learning. Neurocomputing 528(7), 20–34 (2023)
Jiang, Y., Li, G., Li, S., Guo, Y.: Benchmfc: a benchmark dataset for trustworthy malware family classification under concept drift. Comput. Secur. 139(8), 103706 (2024)
Krueger, D., et al.: Out-of-distribution generalization via risk extrapolation (rex). In: International Conference on Machine Learning, pp. 5815–5826 (2021)
Acknowledgements
This research was funded by the National Natural Science Foundation of China under Grant 62462012, and Science and Technology Program of Hebei under Grant 22567606H.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wang, F., Chen, Y., Song, R., Li, Q., Wang, C. (2025). Feature Augmented Meta-Learning on Domain Generalization for Evolving Malware Classification. In: Zhu, T., Li, J., Castiglione, A. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2024. Lecture Notes in Computer Science, vol 15252. Springer, Singapore. https://doi.org/10.1007/978-981-96-1528-5_14
Download citation
DOI: https://doi.org/10.1007/978-981-96-1528-5_14
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-96-1527-8
Online ISBN: 978-981-96-1528-5
eBook Packages: Computer ScienceComputer Science (R0)