Existing research on malware detection focuses almost exclusively on the detection rate. However, in some cases, it is also important to understand the results of our algorithm, or to obtain more information, such as where to investigate in the file for an analyst. In this aim, we propose a new model to analyze Portable Executable files. Our method consists in splitting the files in different sections, then transform each section into an image, in order to train convolutional neural networks to treat specifically each identified section. Then we use all these scores returned by Convolutional Neural Networks to compute a final detection score, using models that enable us to improve our analysis of the importance of each section in the final score. We also compute Mean Decrease Impurity and Feature permutation to get some explainability on the importance of each section.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Use of Multi-CNNs for Section Analysis in Static Malware Detection

  • Tony Quertier,
  • Grégoire Barrué

摘要

Existing research on malware detection focuses almost exclusively on the detection rate. However, in some cases, it is also important to understand the results of our algorithm, or to obtain more information, such as where to investigate in the file for an analyst. In this aim, we propose a new model to analyze Portable Executable files. Our method consists in splitting the files in different sections, then transform each section into an image, in order to train convolutional neural networks to treat specifically each identified section. Then we use all these scores returned by Convolutional Neural Networks to compute a final detection score, using models that enable us to improve our analysis of the importance of each section in the final score. We also compute Mean Decrease Impurity and Feature permutation to get some explainability on the importance of each section.