Abstract

The use of fileless techniques in malware continues to grow, and fileless malware is becoming more dangerous and more difficult to detect. To address this challenge, we propose a novel visual method for classifying fileless malware based on few-shot learning. First, we build a fileless malware dataset, whose samples are executed in a local virtual environment to collect malware memory dumps. Second, the memory dumps are trimmed and visualized. We developed a new memory dump trimming method and a novel binary file visualization technique, which remove redundant data from memory dumps, significantly compress the file size, and then represent the trimmed memory dumps as RGB images. Finally, we propose a few-shot learning framework, namely MMEL (MAML + Mean_subtraction + Euclidean_normalization + Label_Smoothing), to improve the performance of the classification method. Experimental results show that our visualization technique and framework outperform other state-of-the-art few-shot learning methods.
