Deep Convolutional Malware Classifiers Can Learn from Raw Executables and Labels Only

0492065 - ÚI 2019 CA eng C - Conference Paper (international conference)
Krčál, Marek - Švec, O. - Jašek, O. - Bálek, M.
Deep Convolutional Malware Classifiers Can Learn from Raw Executables and Labels Only.
ICLR 2018 Workshop Track. Vancouver, 2018.
[ICLR 2018: International Conference on Learning Representations /6./. Vancouver (CA), 30.04.2018-03.05.2018]
Institutional support: RVO:67985807
Keywords : malware detection * convolutional networks * end-to-end learning
OECD category: Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
https://openreview.net/forum?id=HkHrmM1PM

We propose and evaluate a simple convolutional deep neural network architecture detecting malicious Portable Executables (Windows executable files) by learning from their raw sequences of bytes and labels only, that is, without any domainspecific feature extraction nor preprocessing. On a dataset of 20 million unpacked half megabyte Portable Executables, such end-to-end approach achieves performance almost on par with the traditional machine learning pipeline based on handcrafted features of Avast.
Permanent Link: http://hdl.handle.net/11104/0285636