A few-shot malware classification approach for unknown family recognition using malware feature visualization

With the ever-increasing threat of malware attacks, building an effective malware classifier to detect mal-ware promptly is of utmost importance. Malware visualization approaches and deep learning techniques have proven effective in classifying sophisticated malware from benchmark datasets. A major problem with traditional deep learning classifier is the need to re-train the classifier when a new malware family emerges. In this paper, we propose few-shot classification techniques which allows us to classify mal-ware based on a few instances and without the need for re-training the classifier for novel malware fam-ilies. We also propose a novel malware visualization technique that can represent a malware binary as a 3-channel image. We experiment with two distinct few-shot learning architectures namely CSNN (Con-volutional Siamese Neural Network) and Shallow-FS (Shallow Few-Shot). CSNN is more suitable when scarce data is available for training, otherwise Shallow-FS can be used to achieve better performance. Our architectures outperforms state of the art few-shot learning approaches and achieves high accuracy in traditional malware classification. Our experiments show our models' ability to classify recent and novel malware families from just a few instances with high accuracy.(c) 2022 Elsevier Ltd. All rights reserved.