Abstract
This paper presents a novel deep learning based method for automatic malware signature generation and classification. The method uses a deep belief network (DBN), implemented with a deep stack of denoising autoencoders, generating an invariant compact representation of the malware behavior. While conventional signature and token based methods for malware detection do not detect a majority of new variants for existing malware, the results presented in this paper show that signatures generated by the DBN allow for an accurate classification of new malware variants. Using a dataset containing hundreds of variants for several major malware families, our method achieves 98.6% classification accuracy using the signatures generated by the DBN. The presented method is completely agnostic to the type of malware behavior that is logged (e.g., API calls and their parameters, registry entries, websites and ports accessed, etc.), and can use any raw input from a sandbox to successfully train the deep neural network which is used to generate malware signatures.
Original language | English |
---|---|
Title of host publication | 2015 International Joint Conference on Neural Networks, IJCNN 2015 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
ISBN (Electronic) | 9781479919604, 9781479919604, 9781479919604, 9781479919604 |
DOIs | |
State | Published - 28 Sep 2015 |
Event | International Joint Conference on Neural Networks, IJCNN 2015 - Killarney, Ireland Duration: 12 Jul 2015 → 17 Jul 2015 |
Publication series
Name | Proceedings of the International Joint Conference on Neural Networks |
---|---|
Volume | 2015-September |
Conference
Conference | International Joint Conference on Neural Networks, IJCNN 2015 |
---|---|
Country/Territory | Ireland |
City | Killarney |
Period | 12/07/15 → 17/07/15 |
Bibliographical note
Publisher Copyright:© 2015 IEEE.
Keywords
- Autoencoders
- Automatic Signature Generation
- Deep Belief Network
- Deep Learning
- Malware