Meta-HFMD: A Hierarchical Feature Fusion Malware Detection Framework via Multi-task Meta-learning

  • Conference paper
Frontiers in Cyber Security (FCS 2023)

Abstract

With the proliferation of malware, malware detection techniques have become more critical to protecting the security and privacy of users. While existing malware detection techniques have achieved superior accuracy and detection rates, most of them require a large number of labeled samples for training. In general, assembling a large amount of reliable data is still expensive, time-consuming, and sometimes impossible. These techniques do not achieve good results when only a small number of labeled samples is available, and they cannot detect new or variant malware. It is therefore necessary to investigate solutions for detecting malware in the few-shot scenario. This paper proposes a hierarchical feature fusion malware detection framework based on multi-task meta-learning, namely Meta-HFMD. The proposed framework first adopts a hierarchical feature fusion approach to learn hierarchical spatial traffic features at the packet level and the flow level. It then constructs an efficient multi-task malware detection model based on model-agnostic meta-learning (MAML), which can detect malware from very few labeled samples. Experimental results demonstrate that Meta-HFMD achieves satisfactory results in the few-shot malware detection task, in both single-platform and cross-platform environments, and that its performance metrics outperform those of the other baseline models.



Acknowledgements

This work is jointly supported by the National Natural Science Foundation of China (U19B2028, U22B2061), the National Science and Technology Major Project of the Ministry of Science and Technology of China (2022YFB4300603), the Sichuan Science and Technology Program (2023YFG0151) and the Development of a Big Data-based Platform for Analyzing the Coupling Relationship of Strip Production Processes Project.

Author information

Corresponding author

Correspondence to Qiao Liu.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Liu, Y., Bai, X., Liu, Q., Lan, T., Zhou, L., Zhou, T. (2024). Meta-HFMD: A Hierarchical Feature Fusion Malware Detection Framework via Multi-task Meta-learning. In: Yang, H., Lu, R. (eds) Frontiers in Cyber Security. FCS 2023. Communications in Computer and Information Science, vol 1992. Springer, Singapore. https://doi.org/10.1007/978-981-99-9331-4_43

  • DOI: https://doi.org/10.1007/978-981-99-9331-4_43

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-9330-7

  • Online ISBN: 978-981-99-9331-4

  • eBook Packages: Computer Science, Computer Science (R0)
