基于LG-PN的增强未知Android恶意软件检测：原型网络中的局部-全局融合方法

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-04-25 DOI:10.1016/j.jisa.2025.104062

Longhui Shu , Shi Dong

{"title":"基于LG-PN的增强未知Android恶意软件检测：原型网络中的局部-全局融合方法","authors":"Longhui Shu , Shi Dong","doi":"10.1016/j.jisa.2025.104062","DOIUrl":null,"url":null,"abstract":"<div><div>In malware detection research, determining whether the application has malicious intent is the most important issue. Malware variants evolve rapidly through the use of polymorphic and metamorphic techniques, posing two challenges to malware detection. First, it is very difficult to label and identify large amounts of new malware. Second, existing classification methods are usually trained on predefined malicious samples. Therefore cannot identify new types of malware. In order to solve these problems, this study proposes an innovative method based on few-shot learning, aiming to quickly adapt to new threats. This method can rely on a small number of malicious family samples to quickly infer malware that does not appear in the training set. This study conducted detection experiments on malware of unknown families, unknown samples, and unknown functions. The research results show that this method is better than existing methods when facing new malware samples.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"91 ","pages":"Article 104062"},"PeriodicalIF":3.8000,"publicationDate":"2025-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Enhanced unknown Android Malware Detection using LG-PN: A local–global fusion approach in prototypical networks\",\"authors\":\"Longhui Shu , Shi Dong\",\"doi\":\"10.1016/j.jisa.2025.104062\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>In malware detection research, determining whether the application has malicious intent is the most important issue. Malware variants evolve rapidly through the use of polymorphic and metamorphic techniques, posing two challenges to malware detection. First, it is very difficult to label and identify large amounts of new malware. Second, existing classification methods are usually trained on predefined malicious samples. Therefore cannot identify new types of malware. In order to solve these problems, this study proposes an innovative method based on few-shot learning, aiming to quickly adapt to new threats. This method can rely on a small number of malicious family samples to quickly infer malware that does not appear in the training set. This study conducted detection experiments on malware of unknown families, unknown samples, and unknown functions. The research results show that this method is better than existing methods when facing new malware samples.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"91 \",\"pages\":\"Article 104062\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-04-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625000997\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000997","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

在恶意软件检测研究中，确定应用程序是否具有恶意意图是最重要的问题。恶意软件变体通过使用多态和变形技术迅速演变，给恶意软件检测带来了两个挑战。首先，很难标记和识别大量新的恶意软件。其次，现有的分类方法通常是基于预定义的恶意样本进行训练的。因此无法识别新的恶意软件类型。为了解决这些问题，本研究提出了一种基于few-shot学习的创新方法，旨在快速适应新的威胁。该方法可以依靠少量的恶意家族样本，快速推断出没有出现在训练集中的恶意软件。本研究对未知家族、未知样本、未知功能的恶意软件进行检测实验。研究结果表明，在面对新的恶意软件样本时，该方法优于现有的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Enhanced unknown Android Malware Detection using LG-PN: A local–global fusion approach in prototypical networks

In malware detection research, determining whether the application has malicious intent is the most important issue. Malware variants evolve rapidly through the use of polymorphic and metamorphic techniques, posing two challenges to malware detection. First, it is very difficult to label and identify large amounts of new malware. Second, existing classification methods are usually trained on predefined malicious samples. Therefore cannot identify new types of malware. In order to solve these problems, this study proposes an innovative method based on few-shot learning, aiming to quickly adapt to new threats. This method can rely on a small number of malicious family samples to quickly infer malware that does not appear in the training set. This study conducted detection experiments on malware of unknown families, unknown samples, and unknown functions. The research results show that this method is better than existing methods when facing new malware samples.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.