Malware Detection Using Dual Siamese Network Model.

Authors :
An, ByeongYeol
Yang, JeaHyuk
Kim, Seoyeon
Kim, Taeguen
Source :
CMES-Computer Modeling in Engineering & Sciences; 2024, Vol. 141 Issue 1, p563-584, 22p
Publication Year :
2024

Abstract

This paper proposes a new approach to counter cyberattacks using the increasingly diverse malware in cyber security. Traditional signature detection methods that utilize static and dynamic features face limitations due to the continuous evolution and diversity of new malware. Recently, machine learning-based malware detection techniques, such as Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN), have gained attention. While these methods demonstrate high performance by leveraging static and dynamic features, they are limited in detecting new malware or variants because they learn based on the characteristics of existing malware. To overcome these limitations, malware detection techniques employing One-Shot Learning and Few-Shot Learning have been introduced. Based on this, the Siamese Network, which can effectively learn from a small number of samples and perform predictions based on similarity rather than learning the characteristics of the input data, enables the detection of new malware or variants. We propose a dual Siamese network-based detection framework that utilizes byte images converted from malware binary data to grayscale, and opcode frequency-based images generated after extracting opcodes and converting them into 2-gram frequencies. The proposed framework integrates two independent Siamese network models, one learning from byte images and the other from opcode frequency-based images. The detection models trained on the different kinds of images generated separately apply the L1 distance measure to the output vectors the models generate, calculate the similarity, and then apply different weights to each model. Our proposed framework achieved a malware detection accuracy of 95.9% and 99.83% in the experiments using different malware datasets. 
The experimental results demonstrate that our malware detection model can effectively detect malware by utilizing two different types of features and employing the dual Siamese network-based model. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
15261492
Volume :
141
Issue :
1
Database :
Complementary Index
Journal :
CMES-Computer Modeling in Engineering & Sciences
Publication Type :
Academic Journal
Accession number :
179281280
Full Text :
https://doi.org/10.32604/cmes.2024.052403