Malware Triage Approach using a Task Memory based on Meta-Transfer Learning Framework

TL;DR

This paper introduces a novel malware triage method using a meta-learning framework with task memory, enabling rapid classification and prioritization of malware, including zero-day threats, to improve incident response efficiency.

Contribution

It proposes a task memory-based meta-learning approach with a Siamese neural network for fast malware classification and prioritization, addressing zero-day malware detection and reducing computational costs.

Findings

Outperforms existing classification techniques in accuracy.

Effectively identifies risky and unknown malware, including zero-day attacks.

Reduces computational costs by leveraging external task memory.

Abstract

To enhance the efficiency of incident response triage operations, it is not cost-effective to defend all systems equally in a complex cyber environment. Instead, prioritizing the defense of critical functionality and the most vulnerable systems is desirable. Threat intelligence is crucial for guiding Security Operations Center (SOC) analysts' focus toward specific system activity and provides the primary contextual foundation for interpreting security alerts. This paper explores novel approaches for improving incident response triage operations, including dealing with attacks and zero-day malware. This solution for rapid prioritization of different malware have been raised to formulate fast response plans to minimize socioeconomic damage from the massive growth of malware attacks in recent years, it can also be extended to other incident response. We propose a malware triage approach that can rapidly classify and prioritize different malware classes to address this concern. We utilize a pre-trained ResNet18 network based on Siamese Neural Network (SNN) to reduce the biases in weights and parameters. Furthermore, our approach incorporates external task memory to retain the task information of previously encountered examples. This helps to transfer experience to new samples and reduces computational costs, without requiring backpropagation on external memory. Evaluation results indicate that the classification aspect of our proposed method surpasses other similar classification techniques in terms of performance. This new triage strategy based on task memory with meta-learning evaluates the level of similarity matching across malware classes to identify any risky and unknown malware (e.g., zero-day attacks) so that a defense of those that support critical functionality can be conducted.