TL;DR
This paper explores using neural networks to detect malware directly from raw executable byte sequences, addressing unique challenges like sequence length and interpretability, and proposing a scalable solution.
Contribution
Introduces a neural network approach for malware detection from raw bytes with linear complexity and interpretability, tackling large sequence challenges.
Findings
Neural network can process over two million byte sequence steps.
Batch normalization hinders learning in this context.
Method enables identification of interpretable sub-regions in binaries.
Abstract
In this work we introduce malware detection from raw byte sequences as a fruitful research area to the larger machine learning community. Building a neural network for such a problem presents a number of interesting challenges that have not occurred in tasks such as image processing or NLP. In particular, we note that detection from raw bytes presents a sequence problem with over two million time steps and a problem where batch normalization appear to hinder the learning process. We present our initial work in building a solution to tackle this problem, which has linear complexity dependence on the sequence length, and allows for interpretable sub-regions of the binary to be identified. In doing so we will discuss the many challenges in building a neural network to process data at this scale, and the methods we used to work around them.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
MethodsBatch Normalization
