Malware Detection by Eating a Whole EXE

Links to Files

https://aaai.org/ocs/index.php/WS/AAAIW18/paper/viewFile/16422/15577

Permanent Link

http://hdl.handle.net/11603/12714

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection

Author/Creator

Author/Creator ORCID

Date

Type of Work

conference papers and proceedings
Text

Department

Program

Citation of Original Publication

Edward Raff, Jon Barker, Jared Sylvester, Robert Brandon, Bryan Catanzaro, Charles Nicholas, Malware Detection by Eating a Whole EXE, The Workshops of the Thirty-Second AAAI Conference on Artificial Intelligence, 2018,https://aaai.org/ocs/index.php/WS/AAAIW18/paper/viewFile/16422/15577

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Subjects

malware detection
image processing
virtual machine

Abstract

In this work we introduce malware detection from raw byte sequences as a fruitful research area to the larger machine learning community. Building a neural network for such a problem presents a number of interesting challenges that have not occurred in tasks such as image processing or NLP. In particular, we note that detection from raw bytes presents a sequence problem with over two million time steps and a problem where batch normalization appear to hinder the learning process. We present our initial work in building a solution to tackle this problem, which has linear complexity dependence on the sequence length, and allows for interpretable sub-regions of the binary to be identified. In doing so we will discuss the many challenges in building a neural network to process data at this scale, and the methods we used to work around them.