DeepSign: Deep learning for automatic malware signature generation and classification

Omid E. David, Nathan S. Netanyahu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

191 Scopus citations

Abstract

This paper presents a novel deep learning based method for automatic malware signature generation and classification. The method uses a deep belief network (DBN), implemented with a deep stack of denoising autoencoders, generating an invariant compact representation of the malware behavior. While conventional signature and token based methods for malware detection do not detect a majority of new variants for existing malware, the results presented in this paper show that signatures generated by the DBN allow for an accurate classification of new malware variants. Using a dataset containing hundreds of variants for several major malware families, our method achieves 98.6% classification accuracy using the signatures generated by the DBN. The presented method is completely agnostic to the type of malware behavior that is logged (e.g., API calls and their parameters, registry entries, websites and ports accessed, etc.), and can use any raw input from a sandbox to successfully train the deep neural network which is used to generate malware signatures.

Original language: English
Title of host publication: 2015 International Joint Conference on Neural Networks, IJCNN 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781479919604
State: Published - 28 Sep 2015
Event: International Joint Conference on Neural Networks, IJCNN 2015 - Killarney, Ireland
Duration: 12 Jul 2015 - 17 Jul 2015

Publication series

Name: Proceedings of the International Joint Conference on Neural Networks
Volume: 2015-September

Conference

Conference: International Joint Conference on Neural Networks, IJCNN 2015
Country/Territory: Ireland
City: Killarney
Period: 12/07/15 - 17/07/15

Bibliographical note

Publisher Copyright:
© 2015 IEEE.

Keywords

  • Autoencoders
  • Automatic Signature Generation
  • Deep Belief Network
  • Deep Learning
  • Malware
