Open Access
ARTICLE
Malware Detection Using Dual Siamese Network Model
1 Department of Software Convergence, Soonchunhyang University, Asan, 31538, Republic of Korea
2 Department of Mobility Convergence Security, Soonchunhyang University, Asan, 31538, Republic of Korea
3 Department of Information Security Engineering, Soonchunhyang University, Asan, 31538, Republic of Korea
* Corresponding Author: Taeguen Kim. Email:
(This article belongs to the Special Issue: Advanced Security for Future Mobile Internet: A Key Challenge for the Digital Transformation)
Computer Modeling in Engineering & Sciences 2024, 141(1), 563-584. https://doi.org/10.32604/cmes.2024.052403
Received 01 April 2024; Accepted 18 June 2024; Issue published 20 August 2024
Abstract
This paper proposes a new approach to countering cyberattacks that use increasingly diverse malware. Traditional signature detection methods that utilize static and dynamic features face limitations due to the continuous evolution and diversity of new malware. Recently, machine learning-based malware detection techniques, such as Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN), have gained attention. While these methods demonstrate high performance by leveraging static and dynamic features, they are limited in detecting new malware or variants because they learn based on the characteristics of existing malware. To overcome these limitations, malware detection techniques employing One-Shot Learning and Few-Shot Learning have been introduced. Building on this, the Siamese Network, which can learn effectively from a small number of samples and makes predictions based on similarity rather than on learned characteristics of the input data, enables the detection of new malware or variants. We propose a dual Siamese network-based detection framework that utilizes byte images, produced by converting malware binary data to grayscale, and opcode frequency-based images, generated by extracting opcodes and converting them into 2-gram frequencies. The proposed framework integrates two independent Siamese network models, one learning from byte images and the other from opcode frequency-based images. Each detection model is trained separately on its own kind of image; the L1 distance measure is applied to the output vectors the models generate to calculate similarity, and a different weight is then applied to each model. Our proposed framework achieved malware detection accuracies of 95.9% and 99.83% in experiments using different malware datasets. The experimental results demonstrate that our malware detection model can effectively detect malware by utilizing two different types of features and employing the dual Siamese network-based model.
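The two feature representations and the weighted similarity fusion described in the abstract, as an added Python example that is not the authors' code. Raw feature images stand in for the Siamese networks' output vectors, and the image width, opcode vocabulary, similarity mapping (1 minus normalized L1 distance), weight value and sample data are all assumptions.

```python
# Added illustration, not the paper's code. Image width, opcode vocabulary,
# the similarity mapping and the weight value are all assumptions.
from collections import Counter

def byte_image(data, width=4):
    """Binary -> grayscale rows: each byte is one pixel (0-255); last row zero-padded."""
    padded = data + bytes(-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def opcode_bigram_image(opcodes, vocab):
    """Opcode sequence -> len(vocab) x len(vocab) image of 2-gram counts scaled to 0-255."""
    index = {op: i for i, op in enumerate(vocab)}
    counts = Counter(pair for pair in zip(opcodes, opcodes[1:])
                     if pair[0] in index and pair[1] in index)
    peak = max(counts.values(), default=1)
    image = [[0] * len(vocab) for _ in vocab]
    for (first, second), n in counts.items():
        image[index[first]][index[second]] = round(255 * n / peak)
    return image

def l1_similarity(img_a, img_b):
    """Map the L1 distance between two same-shape images to a similarity in [0, 1]."""
    a = [p for row in img_a for p in row]
    b = [p for row in img_b for p in row]
    if not a or len(a) != len(b):
        raise ValueError("images must be non-empty and have the same shape")
    return 1.0 - sum(abs(x - y) for x, y in zip(a, b)) / (255 * len(a))

def fused_score(sim_byte, sim_opcode, w_byte):
    """Weight each branch's similarity differently and combine them."""
    return w_byte * sim_byte + (1.0 - w_byte) * sim_opcode

# Constructed sample data: a reference sample and a slightly modified variant.
VOCAB = ["mov", "push", "call", "xor"]
REF_BYTES = bytes([0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00])
VAR_BYTES = bytes([0x4D, 0x5A, 0x90, 0x00, 0x03, 0xFF])
REF_OPS = ["push", "mov", "call", "mov", "call", "xor"]
VAR_OPS = ["push", "mov", "call", "mov", "call", "mov"]

def compare_samples(w_byte=0.25):
    sim_b = l1_similarity(byte_image(REF_BYTES), byte_image(VAR_BYTES))
    sim_o = l1_similarity(opcode_bigram_image(REF_OPS, VOCAB),
                          opcode_bigram_image(VAR_OPS, VOCAB))
    return sim_b, sim_o, fused_score(sim_b, sim_o, w_byte)

if __name__ == "__main__":
    print(compare_samples())
```

In the framework the abstract describes, the L1 distance is taken between the vectors each trained Siamese branch outputs rather than between raw pixels; the fusion step has the same shape either way.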
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.