Deep Convolutional Malware Classifiers Can Learn from Raw Executables and Labels Only

0492065 - ÚI 2019 CA eng C - Konferenční příspěvek (zahraniční konf.)
Krčál, Marek - Švec, O. - Jašek, O. - Bálek, M.
Deep Convolutional Malware Classifiers Can Learn from Raw Executables and Labels Only.
ICLR 2018 Workshop Track. Vancouver, 2018.
[ICLR 2018: International Conference on Learning Representations /6./. Vancouver (CA), 30.04.2018-03.05.2018]
Institucionální podpora: RVO:67985807
Klíčová slova: malware detection * convolutional networks * end-to-end learning
Obor OECD: Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
https://openreview.net/forum?id=HkHrmM1PM

We propose and evaluate a simple convolutional deep neural network architecture detecting malicious Portable Executables (Windows executable files) by learning from their raw sequences of bytes and labels only, that is, without any domainspecific feature extraction nor preprocessing. On a dataset of 20 million unpacked half megabyte Portable Executables, such end-to-end approach achieves performance almost on par with the traditional machine learning pipeline based on handcrafted features of Avast.
Trvalý link: http://hdl.handle.net/11104/0285636