Dynamic Prototype Network Based on Sample Adaptation for Few-Shot Malware Detection

The continuous increase and spread of malware have caused immeasurable losses to social enterprises and even the country, especially unknown malware. Most existing methods use predefined class samples to train models, which cannot handle unknown malware detection. In this paper, we formalize unknown malware detection as a Few-Shot Learning problem. However, the existing model cannot dynamically adjust the model parameters according to the samples and does not deeply consider the influence of the correlation between samples, so it achieves sub-optimal performance. We propose a Dynamic Prototype Network based on Sample Adaptation for few-shot malware detection (DPNSA). Specifically, we use dynamic convolution to realize dynamic feature extraction based on sample adaptation. Secondly, we define the class feature (prototype) as the mean of the dynamic embedding of all malware samples of each class in the support set. Then, a dual-sample dynamic activation function is proposed, which uses the correlation of the dual-sample to reduce the impact of unrelated features between samples on the metric. Finally, we use the metric-based method to calculate the distance between the query sample and the prototype to realize malware detection. Experiments show that our method outperforms the existing few-shot malware detection models and achieves significant improvement.