Few-Shot Malware Traffic Classification Method Using Network Traffic and Meta Transfer Learning
Malware traffic classification (MTC) is a very important component of cyber security, and a number of the MTC techniques are based on deep learning (DL) with a strong capability of feature mining and classification. However, these DL-based MTC methods are heavily dependent on a large amount of network traffic samples. In the few-shot scenarios, these methods usually overfit and have poor classification performance. Considering that the update cycle of malware is faster and faster, and there are more and more types of malware, collecting enough training samples for all malware is very challenging, if not impossible. In this paper, a novel few-shot MTC(FS-MTC) method is proposed based on convolutional neural network (CNN) and model-agnostic meta-learning (MAML) algorithm. Specifically, the CNN is trained on samples from normal softwares by MAML rather than the conventional optimization methods, then the CNN is finetuned by a few samples from malware for MTC. Simulation results show that our proposed MAML-based FS-MTC can outperform the traditional MTC methods. The performance of our proposed method can reach up to 95.69%.