Task-Aware Meta Learning-Based Siamese Neural Network for Classifying Control Flow Obfuscated Malware

Malware authors apply different control flow obfuscation techniques to create new malware variants that avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the training dataset, resulting in high false-positive rates. To address this issue, we propose a novel task-aware few-shot-learning-based Siamese Neural Network that is resilient against the presence of malware variants affected by such control flow obfuscation techniques. Using the average entropy features of each malware family as inputs, in addition to the image features, our model generates the parameters for the feature layers so that the feature embedding is adjusted more accurately for different malware families, each of which has obfuscated malware variants. In addition, our proposed method can classify malware classes even if only one or a few training samples are available. Our model utilizes few-shot learning with the extracted features of a pre-trained network (e.g., VGG-16) to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family, even in the presence of obfuscated malware variants. Our experimental results, validated by N-way on N-shot learning, show that our model is highly effective compared to other similar methods, with classification accuracy exceeding 91%.
