Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Zhu, Jinting, Jang-Jaccard, Julian, Welch, Ian, AI-Sahaf, Harith, Camtepe, Seyit, Dunmore, Aeryn, Lab, Cybersecurity
Format: Preprint
Veröffentlicht: 2024
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2411.14029
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866929599699484672
author Zhu, Jinting
Jang-Jaccard, Julian
Welch, Ian
AI-Sahaf, Harith
Camtepe, Seyit
Dunmore, Aeryn
Lab, Cybersecurity
author_facet Zhu, Jinting
Jang-Jaccard, Julian
Welch, Ian
AI-Sahaf, Harith
Camtepe, Seyit
Dunmore, Aeryn
Lab, Cybersecurity
contents When malware employs an unseen zero-day exploit, traditional security measures such as vulnerability scanners and antivirus software can fail to detect them. This is because these tools rely on known patches and signatures, which do not exist for new zero-day attacks. Furthermore, existing machine learning methods, which are trained on specific and occasionally outdated malware samples, may struggle to adapt to features in new malware. To address this issue, there is a need for a more robust machine learning model that can identify relationships between malware samples without being trained on a particular malware feature set. This is particularly crucial in the field of cybersecurity, where the number of malware samples is limited and obfuscation techniques are widely used. Current approaches using stacked autoencoders aim to remove the noise introduced by obfuscation techniques through reconstruction of the input. However, this approach ignores the semantic relationships between features across different malware samples. To overcome this limitation, we propose a novel Siamese Neural Network (SNN) that uses relation-aware embeddings to calculate more accurate similarity probabilities based on semantic details of different malware samples. In addition, by using entropy images as inputs, our model can extract better structural information and subtle differences in malware signatures, even in the presence of obfuscation techniques. Evaluations on two large malware sample sets using the N-shot and N-way methods show that our proposed model is highly effective in predicting previously unseen malware, even in the presence of obfuscation techniques.
format Preprint
id arxiv_https___arxiv_org_abs_2411_14029
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Relation-aware based Siamese Denoising Autoencoder for Malware Few-shot Classification
Zhu, Jinting
Jang-Jaccard, Julian
Welch, Ian
AI-Sahaf, Harith
Camtepe, Seyit
Dunmore, Aeryn
Lab, Cybersecurity
Cryptography and Security
When malware employs an unseen zero-day exploit, traditional security measures such as vulnerability scanners and antivirus software can fail to detect them. This is because these tools rely on known patches and signatures, which do not exist for new zero-day attacks. Furthermore, existing machine learning methods, which are trained on specific and occasionally outdated malware samples, may struggle to adapt to features in new malware. To address this issue, there is a need for a more robust machine learning model that can identify relationships between malware samples without being trained on a particular malware feature set. This is particularly crucial in the field of cybersecurity, where the number of malware samples is limited and obfuscation techniques are widely used. Current approaches using stacked autoencoders aim to remove the noise introduced by obfuscation techniques through reconstruction of the input. However, this approach ignores the semantic relationships between features across different malware samples. To overcome this limitation, we propose a novel Siamese Neural Network (SNN) that uses relation-aware embeddings to calculate more accurate similarity probabilities based on semantic details of different malware samples. In addition, by using entropy images as inputs, our model can extract better structural information and subtle differences in malware signatures, even in the presence of obfuscation techniques. Evaluations on two large malware sample sets using the N-shot and N-way methods show that our proposed model is highly effective in predicting previously unseen malware, even in the presence of obfuscation techniques.
title Relation-aware based Siamese Denoising Autoencoder for Malware Few-shot Classification
topic Cryptography and Security
url https://arxiv.org/abs/2411.14029