FASNet: Federated adversarial Siamese networks for robust malware image classification

• Published in: Journal of parallel and distributed computing Vol. 198; p. 105039
• Main Authors: Ambekar, Namrata Govind, Samal, Sonali, Devi, N. Nandini, Thokchom, Surmila
• Format: Journal Article
• Language: English
• Published: Elsevier Inc 01.04.2025
• Subjects: Adversarial training; Data privacy; Federated learning; Malware images; Siamese networks; Siamese networks; Data privacy; Malware images; Federated learning; Adversarial training
• ISSN: 0743-7315
• DOI: 10.1016/j.jpdc.2025.105039

Malware detection faces considerable challenges due to the ever-evolving and complex nature of cyber threats. Various deep learning models have demonstrated effectiveness in identifying malware within organizations. However, developing a reliable distributed malware detection model using diverse data from multiple sources faces significant challenges, which are worsened by privacy concerns, including data distribution issues and the absence of balanced datasets. This requires advanced data privacy techniques. To address this, the proposed FASNet approach makes the following key contributions: This study introduces FASNet, a novel privacy-centric distributed malware detection model designed to enhance detection accuracy and robustness. FASNet employs state-of-the-art Siamese networks as feature extractors and incorporates two significant advancements: federated learning and adversarial training. Federated learning, implemented with a client size of three, ensures that model training is conducted on individual devices, eliminating the need for centralized data collection and addressing data privacy concerns. This design also prevents data dilution and communication overhead while maintaining effective training on each device. Additionally, adversarial training utilizing the Fast Gradient Sign Method (FGSM) generates adversarial images to strengthen the model's resilience. By training on both original and adversarial malware images, FASNet improves its ability to accurately classify malware images that have been intentionally perturbed to mislead the system. Experimental results on the Blended dataset demonstrate the efficacy of the proposed FASNet approach, achieving notable performance with a testing accuracy of 0.9510, precision of 0.9417, recall of 0.9510, f1 score of 0.9384, Matthews Correlation Coefficient (MCC) of 0.9464, Jaccard Index (JI) of 0.9271 and Fowlkes-Mallows Index (FMI) of 0.9725. These experimental findings show that the proposed FASNet method effectively tackles two main challenges: privacy-centric malware detection and an imbalanced dataset. •This paper proposes a novel FASNet, a novel privacy-centric distributed malware detection model. FASNet utilizes state-of-the-art Siamese networks as a feature extractor, with two significant enhancements: the integration of federated learning and the application of adversarial training within the dataset training process. These two modifications substantially improve the model's capability to identify subtle similarities and differences within and between various malware families.•Building upon these enhancements, FASNet employs federated learning with a client size of three. This design ensures that model training occurs on individual devices, thus eliminating the need for centralized data collection. This approach effectively addresses data privacy concerns and preserves the privacy of individual data sources. By limiting the client size to three, FASNet avoids the issue of data dilution across too many clients, thereby maintaining effective training on each device and enhancing the overall performance of the model.•Furthermore, the second enhancement involves integrating adversarial training using the Fast Gradient Sign Method (FGSM) to create adversarial examples and boost the model's resilience. By training the FASNet model on both original and adversarial malware images, this approach improves the model's ability to handle and accurately classify images that have been intentionally modified to mislead it. This exposure to adversarial images during training strengthens the model's robustness against malicious attempts, thereby enhancing its accuracy and reliability in real-world malware detection scenarios.