Would a File by Any Other Name Seem as Malicious?
Links to Fileshttps://arxiv.org/abs/1910.04753
MetadataShow full item record
Type of Work10 pages
journal articles preprints
Citation of Original PublicationNguyen, Andre T.; Raff, Edward; Sant-Miller, Aaron; Would a File by Any Other Name Seem as Malicious?; Cryptography and Security (2019); https://arxiv.org/abs/1910.04753
RightsThis item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Subjectsinformation technology systems
character-level convolutional neural network
Successful malware attacks on information technology systems can cause millions of dollars in damage, the exposure of sensitive and private information, and the irreversible destruction of data. Anti-virus systems that analyze a file's contents use a combination of static and dynamic analysis to detect and remove/remediate such malware. However, examining a file's entire contents is not always possible in practice, as the volume and velocity of incoming data may be too high, or access to the underlying file contents may be restricted or unavailable. If it were possible to obtain estimates of a file's relative likelihood of being malicious without looking at the file contents, we could better prioritize file processing order and aid analysts in situations where a file is unavailable. In this work, we demonstrate that file names can contain information predictive of the presence of malware in a file. In particular, we show the effectiveness of a character-level convolutional neural network at predicting malware status using file names on Endgame's EMBER malware detection benchmark dataset.