LIFT: Discriminant Classification Approach of Malware Family on Time Consistent Open Set
Abstract
In recent years, the rapid evolution of malware, including the emergence of new variants and families, has posed a significant challenge to antivirus defenses. To address this, some approaches to Malware Open Set Recognition (MOSR) have been introduced, aiming to categorize known malware families and detect new ones. Nevertheless, current MOSR research tends to neglect the effect of time inconsistency within datasets, which can result in an overly optimistic evaluation of MOSR effectiveness. To mitigate this issue, a new MOSR method named LIFT has been developed, focusing on a time-consistent division of malware datasets. LIFT employs the self-attention mechanism to understand the correlations among known malware families. It also integrates a linear probe and a unique regularization term to enhance the separability of deep representations. In the recognition phase, LIFT implements a feature truncation tactic to adjust the dimensional values in the samples’ deep representation vectors, thereby enhancing their distinctiveness. Tests on time-consistent open datasets demonstrate that LIFT significantly outperforms existing techniques in open set recognition efficiency.
Type
Publication
International Conference on Intelligent Computing