A Few-Shot Meta-Learning based Siamese Neural Network using Entropy Features for Ransomware Classification

Ransomware defense solutions that can quickly detect and classify different ransomware classes to formulate rapid response plans have been in high demand in recent years. Though the applicability of deep learning techniques for automation and self-learning has been proven in many application domains, the lack of data available for ransomware (and other malware) samples has been raised as a barrier to developing effective deep learning-based solutions. To address this concern, we propose a few-shot meta-learning based Siamese Neural Network that not only detects ransomware attacks but is also able to classify them into different classes. Our proposed model utilizes the entropy feature directly extracted from ransomware binary files to retain more fine-grained features associated with different ransomware signatures. These entropy features are then used to train and optimize our model using a pre-trained network (e.g. VGG-16) in a meta-learning fashion. This approach generates more accurate weight factors, compared to when feature images are used, and avoids the bias typically associated with a model trained with a limited number of training samples. Our experimental results show that our proposed model is highly effective, providing a weighted F1-score exceeding 86% compared to other similar methods.
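To make the entropy feature concrete, the following added example (not the authors' code) computes a block-wise Shannon entropy profile of a binary and resamples it to a fixed-length vector that a network could take as input. The abstract does not give the extraction procedure, so the block size, the output length, the function names and the sample bytes are all assumptions made for illustration.

```python
import math
import random

def shannon_entropy(block):
    """Shannon entropy of a byte block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def entropy_profile(data, block_size=256):
    """Entropy of each consecutive block; a short final block is kept.
    block_size=256 is an assumed value, not taken from the paper."""
    return [shannon_entropy(data[i:i + block_size])
            for i in range(0, len(data), block_size)]

def fixed_length(profile, length=64):
    """Linearly resample a profile to `length` points scaled to [0, 1],
    so binaries of different sizes yield vectors of the same shape."""
    if not profile:
        return [0.0] * length
    out = []
    span = max(length - 1, 1)
    for k in range(length):
        pos = k * (len(profile) - 1) / span
        lo = int(pos)
        hi = min(lo + 1, len(profile) - 1)
        frac = pos - lo
        out.append(((1 - frac) * profile[lo] + frac * profile[hi]) / 8.0)
    return out

# Constructed sample, not a real binary: text-like header, zero padding,
# then random bytes standing in for an encrypted or packed payload.
_rng = random.Random(0)
SAMPLE = (b"MZ" + b"This program cannot be run in DOS mode. " * 25
          + bytes(1024)
          + bytes(_rng.randrange(256) for _ in range(2048)))

if __name__ == "__main__":
    profile = entropy_profile(SAMPLE)
    print(["%.2f" % e for e in profile])
    print(len(fixed_length(profile)))
```

The profile keeps where in the file the entropy rises and falls, which is the positional detail a single whole-file entropy value would discard.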
