Mi-maml: classifying few-shot advanced malware using multi-improved model-agnostic meta-learning

Abstract Malware classification has been successful in utilizing machine learning methods. However, it is limited by the reliance on a large number of high-quality labeled datasets and the issue of overfitting. These limitations hinder the accurate classification of advanced malware with only a few...

Bibliographic Details
Main Authors: Yulong Ji, Kunjin Zou, Bin Zou
Format: Article
Language: English
Published: SpringerOpen 2024-11-01
Series: Cybersecurity
Subjects:
Online Access: https://doi.org/10.1186/s42400-024-00314-9
collection DOAJ
description Abstract Malware classification has been successful in utilizing machine learning methods. However, it is limited by the reliance on a large number of high-quality labeled datasets and the issue of overfitting. These limitations hinder the accurate classification of advanced malware with only a few samples available. Meta-learning methods offer a solution by allowing models to quickly adapt to new tasks, even with a small number of samples. However, the effectiveness of meta-learning approaches in malware classification varies due to the diverse nature of malware types. Most meta-learning-based methodologies for malware classification either focus solely on data augmentation or utilize existing neural networks and learning rate schedules to adapt to the meta-learning model. These approaches do not consider the integration of both processes or tailor the neural network and learning rate schedules to the specific task. As a result, the classification performance and generalization capabilities are suboptimal. In this paper, we propose a multi-improved model-agnostic meta-learning (MI-MAML) model that aims to address the challenges encountered in few-shot malware classification. Specifically, we propose two data augmentation techniques to improve the classification performance of few-shot malware. These techniques involve utilizing grayscale images and the Lab color space. Additionally, we customize neural network architectures and learning rate schemes based on the representative few-shot classification method, MAML, to further enhance the model’s classification performance and generalization ability for the task of few-shot malware classification. The results obtained from multiple few-shot malware datasets demonstrate that MI-MAML outperforms other models in terms of categorical accuracy, precision, and f1-score. Furthermore, we have conducted ablation experiments to validate the effectiveness of each stage of our work.
id doaj-art-a734a570de5544f5a5eadd8ca9c010b6
institution Kabale University
issn 2523-3246
spelling doaj-art-a734a570de5544f5a5eadd8ca9c010b6 2024-12-01T12:32:02Z eng SpringerOpen Cybersecurity 2523-3246 2024-11-01 71119 10.1186/s42400-024-00314-9
author_affiliation Yulong Ji (0): School of Cyber Science and Technology, Hubei University
Kunjin Zou (1): Manchester Metropolitan Joint Institute, Hubei University
Bin Zou (2): School of Mathematics and Statistic, Hubei Key Laboratory of Applied Mathematics, Hubei University
topic Malware classification
Few-shot learning
Meta-learning
Data augmentation