Malware Detection Using Dual Siamese Network Model

by ByeongYeol An¹, JeaHyuk Yang², Seoyeon Kim², Taeguen Kim³,*

¹ Department of Software Convergence, Soonchunhyang University, Asan, 31538, Republic of Korea
² Department of Mobility Convergence Security, Soonchunhyang University, Asan, 31538, Republic of Korea
³ Department of Information Security Engineering, Soonchunhyang University, Asan, 31538, Republic of Korea

* Corresponding Author: Taeguen Kim.

(This article belongs to the Special Issue: Advanced Security for Future Mobile Internet: A Key Challenge for the Digital Transformation)

Computer Modeling in Engineering & Sciences 2024, 141(1), 563-584. https://doi.org/10.32604/cmes.2024.052403

Abstract

This paper proposes a new approach to countering cyberattacks that use increasingly diverse malware. Traditional signature detection methods that utilize static and dynamic features face limitations due to the continuous evolution and diversity of new malware. Recently, machine learning-based malware detection techniques, such as Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN), have gained attention. While these methods demonstrate high performance by leveraging static and dynamic features, they are limited in detecting new malware or variants because they learn from the characteristics of existing malware. To overcome these limitations, malware detection techniques employing One-Shot Learning and Few-Shot Learning have been introduced. Building on this, the Siamese Network, which can learn effectively from a small number of samples and makes predictions based on similarity rather than on learned characteristics of the input data, enables the detection of new malware or variants. We propose a dual Siamese network-based detection framework that utilizes two kinds of images: byte images, produced by converting malware binary data to grayscale, and opcode frequency-based images, generated by extracting opcodes and converting them into 2-gram frequencies. The proposed framework integrates two independent Siamese network models, one learning from byte images and the other from opcode frequency-based images. Each model, trained separately on its own kind of image, applies the L1 distance measure to the output vectors it generates and calculates a similarity; the framework then applies a different weight to each model. Our proposed framework achieved malware detection accuracies of 95.9% and 99.83% in experiments using different malware datasets. The experimental results demonstrate that our malware detection model can effectively detect malware by utilizing two different types of features and employing the dual Siamese network-based model.
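The two image types and the weighted L1 comparison described in the abstract can be sketched as follows. This is an added illustration, not the authors' code: it compares raw pixel vectors where the paper compares the output vectors of trained Siamese networks, and the image size, opcode vocabulary, scaling, similarity formula (1 minus normalised L1 distance) and equal weights are all assumptions.

```python
from collections import Counter

VOCAB = ("mov", "push", "call", "xor", "jmp")  # assumed toy opcode vocabulary

def byte_image(data, width=8, height=8):
    """Grayscale byte image: one byte per pixel, truncated/zero-padded to fit."""
    px = data[:width * height].ljust(width * height, b"\x00")
    return [list(px[r * width:(r + 1) * width]) for r in range(height)]

def opcode_bigram_image(opcodes, vocab=VOCAB):
    """|vocab| x |vocab| image; pixel (a, b) = scaled frequency of 2-gram a->b."""
    counts = Counter(p for p in zip(opcodes, opcodes[1:])
                     if p[0] in vocab and p[1] in vocab)
    peak = max(counts.values(), default=1)
    return [[round(255 * counts[(a, b)] / peak) for b in vocab] for a in vocab]

def l1_similarity(img_x, img_y):
    """1 - normalised L1 distance between two same-shape 0..255 images."""
    u = [p for row in img_x for p in row]
    v = [p for row in img_y for p in row]
    if len(u) != len(v):
        raise ValueError("images must have the same shape")
    return 1.0 - sum(abs(a - b) for a, b in zip(u, v)) / (255 * len(u))

def dual_score(x, y, w_byte=0.5, w_opcode=0.5):
    """Weighted fusion of the byte-image and opcode-image similarities."""
    if abs(w_byte + w_opcode - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    s_byte = l1_similarity(byte_image(x[0]), byte_image(y[0]))
    s_op = l1_similarity(opcode_bigram_image(x[1]), opcode_bigram_image(y[1]))
    return w_byte * s_byte + w_opcode * s_op

# Constructed samples: (raw bytes, disassembled opcode sequence)
KNOWN = (bytes(range(64)), ["push", "mov", "call", "mov", "xor", "jmp"])
VARIANT = (bytes(range(60)) + b"\xff" * 4,
           ["push", "mov", "call", "mov", "xor", "xor", "jmp"])
UNRELATED = (bytes(64), ["xor", "xor", "xor", "jmp", "jmp"])

if __name__ == "__main__":
    print("known vs variant  :", round(dual_score(KNOWN, VARIANT), 3))
    print("known vs unrelated:", round(dual_score(KNOWN, UNRELATED), 3))
```

In a detection pipeline the fused score would be compared against a threshold chosen on validation data; a sample scoring close to a known malicious reference is flagged as a likely variant.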

Copyright © 2024 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.