Skip to main content
SpringerLink
Log in

Malware Classification Using Attention-Based Transductive Learning Network

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2020)

Abstract

Malware has now grown up to be one of the most important threats in the internet security. As the number of malware families has increased rapidly, a malware classification model needs to classify the samples from emerging malware families. In real-world environment, the number of malware samples varies greatly with each family and some malware families only have a few samples. Therefore, it is a challenge task to obtain a malware classification model with strong generalization ability by using only a few labeled malware samples in each family. In this paper, we propose an attention-based transductive learning approach to tackle this problem. To extract features from raw malware binaries, our approach first converts them into gray-scale images. After visualization, an embedding function is used to encode the images into feature maps. Then we build an attention-based Gaussian similarity graph to help transduct the label information from well-labeled instances to unknown instances. With end-to-end training, we validate our attention-based transductive learning network on a malware database of 11,236 samples with 30 different malware families. Comparing with state-of-the-art approaches, the experimental results show that our approach achieves a better performance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Sonicwall cyber threat report. https://www.sonicwall.com/resources/white-papers/2019-sonicwall-cyber-threat-report/

  2. Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems, pp. 1097–1105 (2012)

    Google Scholar 

  3. Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.K.: Malware detection by eating a whole exe. In: Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence (2018)

    Google Scholar 

  4. Le, Q., Boydell, O., Mac Namee, B., Scanlon, M.: Deep learning at the shallow end: malware classification for non-domain experts. Digital Invest. 26, S118–S126 (2018)

    Article  Google Scholar 

  5. Sung, F., Yang, Y., Zhang, L., Xiang, T., Torr, P.H., Hospedales, T.M.: Learning to compare: relation network for few-shot learning. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1199–1208 (2018)

    Google Scholar 

  6. Fei-Fei, L., Fergus, R., Perona, P.: One-shot learning of object categories. IEEE Trans. Pattern Anal. Mach. Intell. 28(4), 594–611 (2006)

    Article  Google Scholar 

  7. Vinyals, O., Blundell, C., Lillicrap, T., Wierstra, D. et al.: Matching networks for one shot learning. In: Advances in Neural Information processing systems, pp. 3630–3638 (2016)

    Google Scholar 

  8. Snell, J., Swersky, K., Zemel, R.: Prototypical networks for few-shot learning. In: Advances in Neural Information Processing Systems, pp. 4077–4087 (2017)

    Google Scholar 

  9. Liu, Y., et al.: Learning to propagate labels: Transductive propagation network for few-shot learning (2018). arXiv preprint arXiv:1805.10002

  10. Ravi, S., Larochelle, H.: Optimization as a model for few-shot learning (2016)

    Google Scholar 

  11. Ren, M., et al.: Meta-learning for semi-supervised few-shot classification (2018). arXiv preprint arXiv:1803.00676

  12. Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.: Malware images: visualization and automatic classification. In: Proceedings of the 8th International Symposium on Visualization for Cyber Security, ACM, p. 4 (2011)

    Google Scholar 

  13. Torralba, A., Murphy, K.P., Freeman, W.T., Rubin, M.A.: Context-based vision system for place and object recognition (2003)

    Google Scholar 

  14. Oliva, A., Torralba, A.: Modeling the shape of the scene: a holistic representation of the spatial envelope. Int. J. Comput. Vision 42(3), 145–175 (2001)

    Article  Google Scholar 

  15. Kalash, M., Rochan, M., Mohammed, N., Bruce, N.D., Wang, Y., Iqbal, F.: Malware classification with deep convolutional neural networks. In: 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), IEEE pp. 1–5 (2018)

    Google Scholar 

  16. Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition (2014). arXiv preprint arXiv:1409.1556

  17. Ding, Y., Wu, R., Xue, F.: Detecting android malware using bytecode image. In: Xiao, J., Mao, Z.-H., Suzumura, T., Zhang, L.-J. (eds.) ICCC 2018. LNCS, vol. 10971, pp. 164–169. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-94307-7_13

    Chapter  Google Scholar 

  18. Tran, T.K., Sato, H., Kubo, M.: One-shot learning approach for unknown malware classification. In: 2018 5th Asian Conference on Defense Technology (ACDT), IEEE pp. 8–13 (2018)

    Google Scholar 

  19. Santoro, A., Bartunov, S., Botvinick, M., Wierstra, D., Lillicrap, T.: Meta-learning with memory-augmented neural networks. In: International Conference on Machine Learning, pp. 1842–1850 (2016)

    Google Scholar 

  20. Woo, S., Park, J., Lee, J.-Y., Kweon, I.S:.Cbam: Convolutional block attention module. In: Proceedings of the European Conference on Computer Vision (ECCV), pp. 3–19 (2018)

    Google Scholar 

  21. Zhou, D., Bousquet, O., Lal, T.N., Weston, J., Schölkopf, B.: Learning with local and global consistency. In: Advances in Neural Information Processing Systems, pp. 321–328 (2004)

    Google Scholar 

  22. MalShare. https://www.malshare.com

  23. Hybrid-Analysis. https://www.hybrid-analysis.com

  24. VirusSign. https://www.virussign.com

  25. Kabanga, E.K., Kim, C.H.: Malware images classification using convolutional neural network. J. Comput. Commun. 6(1), 153–158 (2017)

    Article  Google Scholar 

  26. Sharma, G.A., Singh, K.J., Singh, M.D.: A deep learning approach to image-based malware analysis. In: Das, H., Pattnaik, P.K., Rautaray, S.S., Li, K.-C. (eds.) Progress in Computing, Analytics and Networking. AISC, vol. 1119, pp. 327–339. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-2414-1_33

    Chapter  Google Scholar 

Download references

Acknowledgement

This work was supported by the National Key R&D Program of China(Grant No. 2018YFC1201102, Grant No. 2017YFB0802804) and Key Program of National Natural Science Foundation of China (Grant No. U1766215).

Author information

Authors and Affiliations

  1. Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China

    Liting Deng, Hui Wen, Mingfeng Xin, Yue Sun, Limin Sun & Hongsong Zhu

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Liting Deng, Hui Wen, Mingfeng Xin, Yue Sun, Limin Sun & Hongsong Zhu

Authors
  1. Liting Deng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hui Wen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mingfeng Xin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yue Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Limin Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Hongsong Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hui Wen .

Editor information

Editors and Affiliations

  1. Yonsei University, Seoul, Korea (Republic of)

    Noseong Park

  2. George Mason University, Fairfax, VA, USA

    Kun Sun

  3. Dipartimento di Informatica, Universita degli Studi, Milan, Milano, Italy

    Sara Foresti

  4. University of Florida, Gainesville, FL, USA

    Kevin Butler

  5. Division of Nephrology, University of Alabama, Birmingham, AL, USA

    Nitesh Saxena

Rights and permissions

Reprints and permissions

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Deng, L., Wen, H., Xin, M., Sun, Y., Sun, L., Zhu, H. (2020). Malware Classification Using Attention-Based Transductive Learning Network. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-63095-9_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63094-2

  • Online ISBN: 978-3-030-63095-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation