A novel few-shot malware classification approach for unknown family recognition with multi-prototype modeling

Wang, Peng; Tang, Zhijie; Wang, Junfeng

doi:10.1016/j.cose.2021.102273

Cited by 32 publications

(14 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Eliminating redundant APIs from malware API sequences has proven effective [ 29 , 30 , 31 , 32 ]. Our research used the following three commonly used methods to remove duplicate calls.…”

Section: Proposed Methodsmentioning

confidence: 99%

Channel Features and API Frequency-Based Transformer Model for Malware Identification

Qian,

Cong

2024

Sensors

View full text Add to dashboard Cite

Malicious software (malware), in various forms and variants, continues to pose significant threats to user information security. Researchers have identified the effectiveness of utilizing API call sequences to identify malware. However, the evasion techniques employed by malware, such as obfuscation and complex API call sequences, challenge existing detection methods. This research addresses this issue by introducing CAFTrans, a novel transformer-based model for malware detection. We enhance the traditional transformer encoder with a one-dimensional channel attention module (1D-CAM) to improve the correlation between API call vector features, thereby enhancing feature embedding. A word frequency reinforcement module is also implemented to refine API features by preserving low-frequency API features. To capture subtle relationships between APIs and achieve more accurate identification of features for different types of malware, we leverage convolutional neural networks (CNNs) and long short-term memory (LSTM) networks. Experimental results demonstrate the effectiveness of CAFTrans, achieving state-of-the-art performance on the mal-api-2019 dataset with an F1 score of 0.65252 and an AUC of 0.8913. The findings suggest that CAFTrans improves accuracy in distinguishing between various types of malware and exhibits enhanced recognition capabilities for unknown samples and adversarial attacks.

show abstract

“…Eliminating redundant APIs from malware API sequences has proven effective [ 29 , 30 , 31 , 32 ]. Our research used the following three commonly used methods to remove duplicate calls.…”

Section: Proposed Methodsmentioning

confidence: 99%

Channel Features and API Frequency-Based Transformer Model for Malware Identification

Qian,

Cong

2024

Sensors

View full text Add to dashboard Cite

show abstract

“…They achieved a very high accuracy and concluded that their method is universal and robust in detecting malware variants in network environments. Wang et al (2021) proposed a meta-learning based few-shot learning technique to classify novel malware families. They use API invocation sequences from dynamic analysis of malware.…”

Section: Malware Detection/classification Using Few-shot Learningmentioning

confidence: 99%

“…Scarcity of malware samples for malware families is a major problem when it comes to the domain of malware classification ( Wang et al, 2021 ). Training a traditional malware classifier requires a large amount of data.…”

Section: Few-shot Classification Modelsmentioning

confidence: 99%

A few-shot malware classification approach for unknown family recognition using malware feature visualization

Conti¹,

Khandhar²,

Vinod³

2022

Computers & Security

View full text Add to dashboard Cite

“…Images depicting malware assaults, such as spear-phishing attacks, were used in another study to describe the timeline of the attack, with colors indicating which sorts of system connections were successful [ 27 ]. However, applying only one feature is insufficient for effective real-world malware detection or classification context since malware writers' obfuscation tactics may obscure a feature utilized in the machine learning model.…”

Section: Related Workmentioning

confidence: 99%

Digital Forensics for Malware Classification: An Approach for Binary Code to Pixel Vector Transition

Naeem

Amin

Alshamrani

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

The most often reported danger to computer security is malware. Antivirus company AV-Test Institute reports that more than 5 million malware samples are created each day. A malware classification method is frequently required to prioritize these occurrences because security teams cannot address all of that malware at once. Malware’s variety, volume, and sophistication are all growing at an alarming rate. Hackers and attackers routinely design systems that can automatically rearrange and encrypt their code to escape discovery. Traditional machine learning approaches, in which classifiers learn based on a hand-crafted feature vector, are ineffective for classifying malware. Recently, deep convolutional neural networks (CNNs) successfully identified and classified malware. To categorize malware, a smart system has been suggested in this research. A novel model of deep learning is introduced to categorize malware families and multiclassification. The malware file is converted to a grayscale picture, and the image is then classified using a convolutional neural network. To evaluate the performance of our technique, we used a Microsoft malware dataset of 10,000 samples with nine distinct classifications. The findings stood out among the deep learning models with 99.97% accuracy for nine malware types.

show abstract

A novel few-shot malware classification approach for unknown family recognition with multi-prototype modeling

Cited by 32 publications

References 13 publications

Channel Features and API Frequency-Based Transformer Model for Malware Identification

Channel Features and API Frequency-Based Transformer Model for Malware Identification

A few-shot malware classification approach for unknown family recognition using malware feature visualization

Digital Forensics for Malware Classification: An Approach for Binary Code to Pixel Vector Transition

Contact Info

Product

Resources

About