A few-shot malware classification approach for unknown family recognition using malware feature visualization

Mauro Conti, Shubham Khandhar, P. Vinod

Research output: Contribution to journal › Article › peer-review

Abstract

With the ever-increasing threat of malware attacks, building an effective malware classifier to detect malware promptly is of utmost importance. Malware visualization approaches and deep learning techniques have proven effective in classifying sophisticated malware from benchmark datasets. A major problem with traditional deep learning classifiers is the need to re-train the classifier when a new malware family emerges. In this paper, we propose few-shot classification techniques that allow us to classify malware based on a few instances and without the need for re-training the classifier for novel malware families. We also propose a novel malware visualization technique that can represent a malware binary as a 3-channel image. We experiment with two distinct few-shot learning architectures, namely CSNN (Convolutional Siamese Neural Network) and Shallow-FS (Shallow Few-Shot). CSNN is more suitable when scarce data is available for training; otherwise Shallow-FS can be used to achieve better performance. Our architectures outperform state-of-the-art few-shot learning approaches and achieve high accuracy in traditional malware classification. Our experiments show our models’ ability to classify recent and novel malware families from just a few instances with high accuracy.

Original language: English
Article number: 102887
Pages (from-to): 1-16
Number of pages: 16
Journal: Computers and Security
Volume: 122
Publication status: Published - 2022

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care

Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

  • Deep neural networks
  • Few-shot learning
  • GEM Image
  • Malware classification
  • Malware visualization
  • Siamese neural networks
