Visible to the public One-Shot Learning Approach for Unknown Malware Classification

TitleOne-Shot Learning Approach for Unknown Malware Classification
Publication TypeConference Paper
Year of Publication2018
AuthorsTran, T. K., Sato, H., Kubo, M.
Conference Name2018 5th Asian Conference on Defense Technology (ACDT)
Date Publishedoct
ISBN Number978-1-5386-7678-3
KeywordsAdaptation models, API Sequence, fewshot learning, Human Behavior, intelligent protection systems, invasive software, learning (artificial intelligence), Least Recently Used Access, Malware, malware API calls sequence, malware behavior, malware classification, memory augmented neural network, Metrics, natural language processing, network systems, neural nets, Neural networks, Neural Turing Machine, One-shot learning, one-shot learning approach, one-shot learning network, pattern classification, privacy, pubcrawl, resilience, Resiliency, static analysis, Task Analysis, Training, unknown malware classification, Word2Vec

Early detection of new kinds of malware always plays an important role in defending the network systems. Especially, if intelligent protection systems could themselves detect an existence of new malware types in their system, even with a very small number of malware samples, it must be a huge benefit for the organization as well as the social since it help preventing the spreading of that kind of malware. To deal with learning from few samples, term ``one-shot learning'' or ``fewshot learning'' was introduced, and mostly used in computer vision to recognize images, handwriting, etc. An approach introduced in this paper takes advantage of One-shot learning algorithms in solving the malware classification problem by using Memory Augmented Neural Network in combination with malware's API calls sequence, which is a very valuable source of information for identifying malware behavior. In addition, it also use some advantages of the development in Natural Language Processing field such as word2vec, etc. to convert those API sequences to numeric vectors before feeding to the one-shot learning network. The results confirm very good accuracies compared to the other traditional methods.

Citation Keytran_one-shot_2018