Deep neural network based malware detection using two dimensional binary program features

Saxe, Joshua; Berlin, Konstantin

doi:10.1109/malware.2015.7413680

Cited by 503 publications

(331 citation statements)

References 28 publications

Supporting

Mentioning

327

Contrasting

Unclassified

Order By: Relevance

“…Saxe and Berlin [16] instead proposed a method to distinguish malware from benign one with a neural network. In their research, entropy histogram is calculated from binary data and the number of callings of the contextual byte data, and metadata of execution files and DLL import are extracted.…”

Section: Related Workmentioning

confidence: 99%

Detecting Malware with an Ensemble Method Based on Deep Neural Network

Yan

Rao

2018

Security and Communication Networks

116

View full text Add to dashboard Cite

Malware detection plays a crucial role in computer security. Recent researches mainly use machine learning based methods heavily relying on domain knowledge for manually extracting malicious features. In this paper, we propose MalNet, a novel malware detection method that learns features automatically from the raw data. Concretely, we first generate a grayscale image from malware file, meanwhile extracting its opcode sequences with the decompilation tool IDA. Then MalNet uses CNN and LSTM networks to learn from grayscale image and opcode sequence, respectively, and takes a stacking ensemble for malware classification. We perform experiments on more than 40,000 samples including 20,650 benign files collected from online software providers and 21,736 malwares provided by Microsoft. The evaluation result shows that MalNet achieves 99.88% validation accuracy for malware detection. In addition, we also take malware family classification experiment on 9 malware families to compare MalNet with other related works, in which MalNet outperforms most of related works with 99.36% detection accuracy and achieves a considerable speed-up on detecting efficiency comparing with two state-of-the-art results on Microsoft malware dataset.

show abstract

Section: Related Workmentioning

confidence: 99%

Detecting Malware with an Ensemble Method Based on Deep Neural Network

Yan

Rao

2018

Security and Communication Networks

116

View full text Add to dashboard Cite

show abstract

“…Saxe et al [33] proposed a method to distinguish malware from benign software based on a neural network, deep learning approach. Their system uses four different types of complementary static features from benign and malicious binaries.…”

Section: Related Workmentioning

confidence: 99%

Neurlux

Jindal

Salls

Aghakhani

et al. 2019

Proceedings of the 35th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Malware detection plays a vital role in computer security. Modern machine learning approaches have been centered around domain knowledge for extracting malicious features. However, many potential features can be used, and it is time consuming and difficult to manually identify the best features, especially given the diverse nature of malware.In this paper, we propose Neurlux, a neural network for malware detection. Neurlux does not rely on any feature engineering, rather it learns automatically from dynamic analysis reports that detail behavioral information. Our model borrows ideas from the field of document classification, using word sequences present in the reports to predict if a report is from a malicious binary or not. We investigate the learned features of our model and show which components of the reports it tends to give the highest importance. Then, we evaluate our approach on two different datasets and report formats, showing that Neurlux improves on the state of the art and can effectively learn from the dynamic analysis reports. Furthermore, we show that our approach is portable to other malware analysis environments and generalizes to different datasets. CCS CONCEPTS• Security and privacy → Software and application security; • Computing methodologies → Neural networks.

show abstract

“…Our second hypothesis is that the file-based features used by [17] simply do not contain the same level of information as the extracted features used in the EMBER corpus. They use the same feature approach as the seminal work by Saxe and Berlin [26], which uses a histogram of entropy values, a histogram of string lengths, a histogram of entropy standard deviations, and 256 dimensional bin to hash values extractable from the PE-header. This last set of 256 features will have collisions, as it corresponds to feature-hashing into a small dimensional space.…”

Section: Combining File Names With Ember Featuresmentioning

confidence: 99%

Would a File by Any Other Name Seem as Malicious?

Nguyen

Raff

Sant-Miller

2019

2019 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

Successful malware attacks on information technology systems can cause millions of dollars in damage, the exposure of sensitive and private information, and the irreversible destruction of data. Antivirus systems that analyze a file's contents use a combination of static and dynamic analysis to detect and remove/remediate such malware. However, examining a file's entire contents is not always possible in practice, as the volume and velocity of incoming data may be too high, or access to the underlying file contents may be restricted or unavailable. If it were possible to obtain estimates of a file's relative likelihood of being malicious without looking at the file contents, we could better prioritize file processing order and aid analysts in situations where a file is unavailable.In this work, we demonstrate that file names can contain information predictive of the presence of malware in a file. In particular, we show the effectiveness of a character-level convolutional neural network at predicting malware status using file names on Endgame's EMBER malware detection benchmark dataset.

show abstract

Deep neural network based malware detection using two dimensional binary program features

Abstract: Malware remains a serious problem for corporations, government agencies, and individuals, as attackers

Cited by 503 publications

References 28 publications

Detecting Malware with an Ensemble Method Based on Deep Neural Network

Detecting Malware with an Ensemble Method Based on Deep Neural Network

Neurlux

Would a File by Any Other Name Seem as Malicious?

Contact Info

Product

Resources

About