Malware Image Classification Using One-Shot Learning with Siamese Networks

Bibliographic Details
Published in: Procedia computer science, Vol. 159; pp. 1863 - 1871
Main Authors: Hsiao, Shou-Ching; Kao, Da-Yu; Liu, Zi-Yuan; Tso, Raylin
Format: Journal Article
Language: English
Published: Elsevier B.V 2019
Summary: Machine learning has largely been applied to malware detection and classification, due to the ineffectiveness of signature-based methods toward rapid malware proliferation. Although state-of-the-art machine learning models tend to achieve high performances, they require a large number of training samples. It is infeasible to train machine learning models with sufficient malware samples while facing newly appeared malware variants. Therefore, it is important for security protectors to train a model given a small set of data, which can identify malware variants based on the similarity function. In addition, security protectors should keep re-training the models on newly-found samples, while the typical machine learning models based on massive data are not efficient for the instant update. Inspired by recent success using Siamese neural networks for one-shot image recognition, we aim to apply the networks to the malware image classification task. The implementation includes three main stages: pre-processing, training, and testing. In the pre-processing stage, the system transforms malware samples to the resized gray-scale images and classifies them by average hash in the same family. In the training and testing stages, Siamese networks are trained to rank similarity between samples and the accuracy is calculated through N-way one-shot tasks. The experiment results showed that our networks outperformed the baseline methods. Besides, this paper indicated that our networks were more suitable for malware image one-shot learning than typical deep learning models.
ISSN: 1877-0509
DOI: 10.1016/j.procs.2019.09.358