June 7, 2023

AdwareInformation.com


Malware Triage Approach using a Task Memory based on Meta-Transfer Learning Framework. (arXiv:2207.10242v4 [cs.CR] UPDATED)

To enhance the efficiency of incident response triage operations, it is not cost-effective to defend all systems equally in a complex cyber environment. Instead, prioritizing the defense of critical functionality and the most vulnerable systems is desirable. Threat intelligence is crucial for guiding Security Operations Center (SOC) analysts' focus toward specific system activity and provides the primary contextual foundation for interpreting security alerts. This paper explores novel approaches for improving incident response triage operations, including dealing with attacks and zero-day malware. This solution for rapid prioritization of different malware classes was developed to formulate fast response plans that minimize the socioeconomic damage from the massive growth of malware attacks in recent years; it can also be extended to other incident response tasks. We propose a malware triage approach that can rapidly classify and prioritize different malware classes to address this concern. We utilize a pre-trained ResNet18 network based on a Siamese Neural Network (SNN) to reduce the biases in weights and parameters. Furthermore, our approach incorporates an external task memory that retains the task information of previously encountered examples. This helps transfer experience to new samples and reduces computational cost, since no backpropagation through the external memory is required. Evaluation results indicate that the classification aspect of our proposed method surpasses other similar classification techniques in terms of performance. This new triage strategy, based on task memory with meta-learning, evaluates the level of similarity matching across malware classes to identify risky and unknown malware (e.g., zero-day attacks), so that a defense of the systems that support critical functionality can be conducted.
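The abstract describes the triage mechanism only at a high level: an embedding network maps each sample to a feature vector, an external task memory stores vectors of previously triaged samples per class without any backpropagation through it, and a new sample is matched against the memory by similarity so that poorly matching samples are flagged as unknown (possible zero-day) and prioritized. The following Python block is an added illustration of that matching-and-prioritization logic and is not the paper's code; the Siamese ResNet18 backbone is assumed away (the feature vectors are constructed by hand), the cosine similarity threshold and the per-class severity weights are assumptions, and class names are placeholders.

```python
"""Memory-based malware triage: similarity matching against a task memory.

Added example (not from the paper). The embedding backbone is assumed: the
vectors below stand in for ResNet18/SNN feature vectors and are constructed
for this illustration. The task memory is updated only by writes, never by
gradient updates, mirroring the "no backpropagation on external memory" idea.
"""
from __future__ import annotations

import math
from collections import defaultdict


def cosine(a: list[float], b: list[float]) -> float:
    """Cosine similarity; 0.0 for a zero vector so it never matches."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    if na == 0.0 or nb == 0.0:
        return 0.0
    return dot / (na * nb)


class TaskMemory:
    """External memory: per-class list of embeddings of already-triaged samples."""

    def __init__(self) -> None:
        self._store: dict[str, list[list[float]]] = defaultdict(list)

    def write(self, label: str, embedding: list[float]) -> None:
        self._store[label].append(list(embedding))

    def prototypes(self) -> dict[str, list[float]]:
        """Mean embedding per class (a prototype); cheap, no training step."""
        protos = {}
        for label, vecs in self._store.items():
            dim = len(vecs[0])
            protos[label] = [sum(v[i] for v in vecs) / len(vecs) for i in range(dim)]
        return protos


def match(embedding: list[float], memory: TaskMemory,
          threshold: float = 0.8) -> tuple[str, float]:
    """Return (label, score); label is 'unknown' when no prototype is similar enough.

    threshold=0.8 is an assumed value; it would be tuned on held-out data.
    """
    protos = memory.prototypes()
    if not protos:
        return "unknown", 0.0
    label, score = max(((lbl, cosine(embedding, p)) for lbl, p in protos.items()),
                       key=lambda t: t[1])
    if score < threshold:
        return "unknown", score
    return label, score


# Assumed per-class severity weights used for ordering known samples.
SEVERITY = {"ransomware": 3, "trojan": 2, "adware": 1}
UNKNOWN_PRIORITY = 10  # unknown samples (zero-day candidates) always go first


def triage(samples: list[tuple[str, list[float]]], memory: TaskMemory,
           threshold: float = 0.8) -> list[tuple[str, str, float, int]]:
    """Classify each (sample_id, embedding) and return rows sorted by priority.

    Rows are (sample_id, label, score, priority), highest priority first.
    """
    rows = []
    for sid, emb in samples:
        label, score = match(emb, memory, threshold)
        priority = UNKNOWN_PRIORITY if label == "unknown" else SEVERITY.get(label, 0)
        rows.append((sid, label, round(score, 3), priority))
    rows.sort(key=lambda r: (-r[3], r[0]))
    return rows


def build_demo_memory() -> TaskMemory:
    """Constructed memory: two previously triaged samples per class."""
    mem = TaskMemory()
    for label, vecs in {
        "ransomware": [[1.0, 0.1, 0.0], [0.9, 0.0, 0.1]],
        "trojan": [[0.0, 1.0, 0.1], [0.1, 0.9, 0.0]],
        "adware": [[0.0, 0.1, 1.0], [0.1, 0.0, 0.9]],
    }.items():
        for v in vecs:
            mem.write(label, v)
    return mem


# Constructed incoming samples: s1 resembles ransomware, s2 matches nothing
# well (zero-day candidate), s3 resembles a trojan.
DEMO_SAMPLES = [
    ("s1", [0.8, 0.2, 0.1]),
    ("s2", [0.5, 0.5, 0.5]),
    ("s3", [0.1, 0.9, 0.2]),
]

if __name__ == "__main__":
    for row in triage(DEMO_SAMPLES, build_demo_memory()):
        print(row)
```

Because the memory is a plain store of embeddings, adding a newly confirmed class (or more samples of an existing one) is a write, not a retraining run; the unknown bucket is what an analyst would review first and, once labelled, feed back into the memory.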