Task-Aware Meta Learning-Based Siamese Neural Network for Classifying Control Flow Obfuscated Malware
Jinting Zhu, Julian Jang-Jaccard, Amardeep Singh, Paul A. Watters and Seyit Camtepe
Additional contact information
Jinting Zhu: Cybersecurity Lab, Massey University, Auckland 0632, New Zealand
Julian Jang-Jaccard: Cybersecurity Lab, Massey University, Auckland 0632, New Zealand
Amardeep Singh: Cybersecurity Lab, Massey University, Auckland 0632, New Zealand
Paul A. Watters: Cyberstronomy Pty Ltd., Melbourne 3086, Australia
Seyit Camtepe: Data61, Commonwealth Scientific and Industrial Research Organisation (CSIRO), Epping 1710, Australia
Future Internet, 2023, vol. 15, issue 6, 1-22
Abstract:
Malware authors apply different techniques of control flow obfuscation in order to create new malware variants that avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the training dataset, resulting in high false-positive rates. To address this issue, we propose a novel task-aware few-shot-learning-based Siamese Neural Network that is resilient against the presence of malware variants affected by such control flow obfuscation techniques. Using the average entropy features of each malware family as inputs, in addition to the image features, our model generates the parameters for the feature layers, to more accurately adjust the feature embedding for different malware families, each of which has obfuscated malware variants. In addition, our proposed method can classify malware classes, even if there are only one or a few training samples available. Our model utilizes few-shot learning with the extracted features of a pre-trained network (e.g., VGG-16), to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family, even in the presence of obfuscated malware variants. Our experimental results, validated by N-way on N-shot learning, show that our model is highly effective, with classification accuracy exceeding 91%, compared to other similar methods.
Keywords: Siamese neural network; meta-learning; malware classification; code obfuscation; few-shot learning
JEL-codes: O3
Date: 2023
Downloads: (external link)
https://www.mdpi.com/1999-5903/15/6/214/pdf (application/pdf)
https://www.mdpi.com/1999-5903/15/6/214/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:15:y:2023:i:6:p:214-:d:1170782
Future Internet is currently edited by Ms. Grace You
Bibliographic data for series maintained by MDPI Indexing Manager.