Task-Aware Meta Learning-based Siamese Neural Network for Classifying Obfuscated Malware

Malware authors apply different obfuscation techniques to the generic features of malware (i.e., the unique malware signature) to create new variants that avoid detection. Existing Siamese Neural Network (SNN) based malware detection methods fail to correctly classify different malware families when similar generic features are shared across multiple malware variants, resulting in high false-positive rates. To address this issue, we propose a novel Task-Aware Meta Learning-based Siamese Neural Network that is resilient against obfuscated malware and able to detect malware when trained with one or a few training samples. Using entropy features of each malware signature alongside image features as task inputs, our task-aware meta learner generates the parameters for the feature layers to more accurately adjust the feature embedding for different malware families. In addition, our model utilizes meta-learning with the extracted features of a pre-trained network (e.g., VGG-16) to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family even in the presence of obfuscation techniques applied to the malware. Our experimental results, validated with N-way on N-shot learning, show that our model is highly effective, with classification accuracy exceeding 91% compared to other similar methods.
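The sketch below is an added illustration, not code from the paper. It computes the two kinds of input the abstract names (a byte-as-pixel image and a windowed entropy profile) for a constructed byte string and for a variant of it. The window size, image width, single-byte XOR transform and all function names are assumptions, since the abstract does not specify the feature extraction.

```python
import math
from collections import Counter

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte (0..8)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    # Sort the counts so the floating-point sum is independent of byte values.
    counts = sorted(Counter(chunk).values())
    return 0.0 - math.fsum(c / n * math.log2(c / n) for c in counts)

def entropy_profile(data: bytes, window: int = 64) -> list[float]:
    """Entropy of each non-overlapping window (window size is an assumption)."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]

def byte_image(data: bytes, width: int = 16) -> list[list[int]]:
    """Grayscale image: one byte per pixel, rows of `width`, last row zero-padded."""
    padded = data + bytes(-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def xor_encode(data: bytes, key: int) -> bytes:
    """Constructed stand-in for a byte-level transform between two variants."""
    return bytes(b ^ key for b in data)

def pixel_diff_ratio(img_a, img_b) -> float:
    """Fraction of pixel positions whose grey value differs between two images."""
    pairs = [(p, q) for ra, rb in zip(img_a, img_b) for p, q in zip(ra, rb)]
    return sum(p != q for p, q in pairs) / len(pairs)

# Constructed sample: zero padding, repetitive text, then 64 distinct byte values.
SAMPLE = bytes(64) + (b"push mov call ret " * 4)[:64] + bytes(range(64))
VARIANT = xor_encode(SAMPLE, 0x5A)

if __name__ == "__main__":
    print("entropy (sample): ", [round(e, 3) for e in entropy_profile(SAMPLE)])
    print("entropy (variant):", [round(e, 3) for e in entropy_profile(VARIANT)])
    print("pixels changed:   ", pixel_diff_ratio(byte_image(SAMPLE), byte_image(VARIANT)))
```

Every pixel of the image changes under the transform, while the entropy profile is identical because a one-to-one remapping of byte values preserves each window's value distribution.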
