Malware‐SMELL: A zero‐shot learning strategy for detecting zero‐day vulnerabilities

Computers & Security (2022)

Abstract
One of the most relevant security problems is inferring whether a program has malicious intent (malware). Even though antivirus software is one of the most popular approaches for malware detection, new types of malware are released at a fast pace, making most techniques for detecting them quickly obsolete. Thus, regular antivirus software typically fails to detect new malware until its signature is incorporated into the antivirus database. New techniques to identify unknown malware are therefore necessary to protect systems even on day zero of a malware release. Few-shot learning is an approach that consists of using a few examples from each class while training a model. A compelling case of this approach is classifying object classes that have not yet been used in the training set, namely Zero-shot Learning. In the present work, we propose Malware-SMELL, a new Zero-shot learning method to classify malware using visual representation. In Malware-SMELL, we propose a new representation space to calculate the similarity between pairs of objects, called S-Space. This new representation enhances the class separability and, thus, makes such a challenging classification process more efficient. Malware-SMELL reached 80% recall and outperforms other methods by a ratio of 9.58% in a classification model trained only with goodware code on real-world datasets in the Generalized Zero-shot Learning paradigm.
Keywords
Similarity space, Latent feature space, Malware classification, Zero-day vulnerabilities