Mi-maml: classifying few-shot advanced malware using multi-improved model-agnostic meta-learning

Yulong Ji; Kunjin Zou; Bin Zou

doi:10.1186/s42400-024-00314-9

Cybersecurity (Nov 2024)

Mi-maml: classifying few-shot advanced malware using multi-improved model-agnostic meta-learning

Yulong Ji,
Kunjin Zou,
Bin Zou

Affiliations

Yulong Ji: School of Cyber Science and Technology, Hubei University
Kunjin Zou: Manchester Metropolitan Joint Institute, Hubei University
Bin Zou: School of Mathematics and Statistic, Hubei Key Laboratory of Applied Mathematics, Hubei University

DOI: https://doi.org/10.1186/s42400-024-00314-9
Journal volume & issue: Vol. 7, no. 1
pp. 1 – 19

Abstract

Read online

Abstract Malware classification has been successful in utilizing machine learning methods. However, it is limited by the reliance on a large number of high-quality labeled datasets and the issue of overfitting. These limitations hinder the accurate classification of advanced malware with only a few samples available. Meta-learning methods offer a solution by allowing models to quickly adapt to new tasks, even with a small number of samples. However, the effectiveness of meta-learning approaches in malware classification varies due to the diverse nature of malware types. Most meta-learning-based methodologies for malware classification either focus solely on data augmentation or utilize existing neural networks and learning rate schedules to adapt to the meta-learning model. These approaches do not consider the integration of both processes or tailor the neural network and learning rate schedules to the specific task. As a result, the classification performance and generalization capabilities are suboptimal. In this paper, we propose a multi-improved model-agnostic meta-learning (MI-MAML) model that aims to address the challenges encountered in few-shot malware classification. Specifically, we propose two data augmentation techniques to improve the classification performance of few-shot malware. These techniques involve utilizing grayscale images and the Lab color space. Additionally, we customize neural network architectures and learning rate schemes based on the representative few-shot classification method, MAML, to further enhance the model’s classification performance and generalization ability for the task of few-shot malware classification. The results obtained from multiple few-shot malware datasets demonstrate that MI-MAML outperforms other models in terms of categorical accuracy, precision, and f1-score. Furthermore, we have conducted ablation experiments to validate the effectiveness of each stage of our work.

Published in Cybersecurity

ISSN: 2523-3246 (Online)
Publisher: SpringerOpen
Country of publisher: Singapore
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Electronics: Computer engineering. Computer hardware; Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://cybersecurity.springeropen.com/

About the journal

Abstract

Keywords