DeepOrigin: End-to-End Deep Learning for Detection of New Malware Families
Ilay Cordonsky, Ishai Rosenberg, Guillaume Sicard, Eli David

TL;DR
DeepOrigin introduces an end-to-end deep learning approach utilizing transfer learning and invariant feature representations to effectively distinguish between known and unseen malware families, enhancing cybersecurity defenses.
Contribution
It presents a novel transfer learning-based method that learns invariant file representations for detecting new malware families, improving adaptability and accuracy.
Findings
Achieved 97.7% accuracy when classifying between seen and unseen malware families.
Utilized static and dynamic features for robust representation.
Demonstrated effectiveness on a large dataset of malware variants.
Abstract
In this paper, we present a novel method of differentiating known from previously unseen malware families. We utilize transfer learning by learning compact file representations that are used for a new classification task between previously seen malware families and novel ones. The learned file representations are composed of static and dynamic features of malware and are invariant to small modifications that do not change their malicious functionality. Using an extensive dataset that consists of thousands of variants of malicious files, we were able to achieve 97.7% accuracy when classifying between seen and unseen malware families. Our method provides an important focalizing tool for cybersecurity researchers and greatly improves the overall ability to adapt to the fast-moving pace of the current threat landscape.
