Task-Aware Meta Learning-based Siamese Neural Network for Classifying Obfuscated Malware

Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are pre...

Bibliographic details
Published in: arXiv.org 2023-06
Main authors: Zhu, Jinting; Jang-Jaccard, Julian; Singh, Amardeep; Watters, Paul A; Camtepe, Seyit
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Zhu, Jinting
Jang-Jaccard, Julian
Singh, Amardeep
Watters, Paul A
Camtepe, Seyit
description Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the training dataset, resulting in high false-positive rates. To address this issue, we propose a novel task-aware few-shot-learning-based Siamese Neural Network that is resilient against the presence of malware variants affected by such control flow obfuscation techniques. Using the average entropy features of each malware family as inputs, in addition to the image features, our model generates the parameters for the feature layers, to more accurately adjust the feature embedding for different malware families, each of which has obfuscated malware variants. In addition, our proposed method can classify malware classes, even if there are only one or a few training samples available. Our model utilizes few-shot learning with the extracted features of a pre-trained network (e.g., VGG-16), to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family, even in the presence of obfuscated malware variants. Our experimental results, validated by N-way on N-shot learning, show that our model is highly effective in classification accuracy, exceeding a rate > 91%, compared to other similar methods.
doi_str_mv 10.48550/arxiv.2110.13409
format Article
publisher Ithaca: Cornell University Library, arXiv.org
date 2023-06-15
rights 2023. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
backlink https://doi.org/10.3390/fi15060214 (View published paper; access to full text may be restricted)
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2023-06
issn 2331-8422
language eng
recordid cdi_arxiv_primary_2110_13409
source arXiv.org; Free E- Journals
subjects Classification
Computer Science - Artificial Intelligence
Computer Science - Cryptography and Security
Feature extraction
Learning
Malware
Neural networks
Training
title Task-Aware Meta Learning-based Siamese Neural Network for Classifying Obfuscated Malware
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-24T14%3A01%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Task-Aware%20Meta%20Learning-based%20Siamese%20Neural%20Network%20for%20Classifying%20Obfuscated%20Malware&rft.jtitle=arXiv.org&rft.au=Zhu,%20Jinting&rft.date=2023-06-15&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2110.13409&rft_dat=%3Cproquest_arxiv%3E2586682526%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2586682526&rft_id=info:pmid/&rfr_iscdi=true