Malware Analysis with Artificial Intelligence and a Particular Attention on Results Interpretability
Benjamin Marais, Tony Quertier, Christophe Chesneau

TL;DR
This paper introduces an AI-based malware detection model that transforms binary files into grayscale images, achieving high accuracy and interpretability through attention mechanisms, aiding analysts in understanding and identifying malicious files.
Contribution
The paper presents a novel malware detection approach using image transformation and attention mechanisms to improve interpretability and detection accuracy.
Findings
Achieves 88% accuracy in malware detection.
Determines packed or encrypted samples with 85% precision.
Uses attention mechanisms to identify suspicious file regions.
Abstract
Malware detection and analysis have been active research subjects in cybersecurity in recent years. Indeed, the development of obfuscation techniques, such as packing, requires special attention to detect recent variants of malware. The usual detection methods do not necessarily provide tools to interpret the results. Therefore, we propose a model based on the transformation of binary files into grayscale images, which achieves an accuracy rate of 88%. Furthermore, the proposed model can determine if a sample is packed or encrypted with a precision of 85%. It allows us to analyze results and act appropriately. Also, by applying attention mechanisms to detection models, we can identify which part of a file looks suspicious. This kind of tool should be very useful for data analysts; it compensates for the lack of interpretability of the common detection models,…
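The byte-to-pixel transformation the abstract describes, sketched as an added example (not the paper's code). The row width of 256, the zero padding, the PGM output and the per-row entropy readout are assumptions for illustration, since the page gives neither the paper's image dimensions nor its model; the entropy only shows why packed or encrypted regions appear as noise in such an image.

```python
import hashlib
import math
from collections import Counter

WIDTH = 256  # assumed row width; the page does not state the paper's image size


def bytes_to_grayscale(data: bytes, width: int = WIDTH) -> list[list[int]]:
    """One byte becomes one pixel (0 = black, 255 = white), filled row by row.
    The last row is zero-padded so every row has the same width."""
    if width <= 0:
        raise ValueError("width must be positive")
    padded = data + b"\x00" * (-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]


def to_pgm(rows: list[list[int]]) -> bytes:
    """Serialize the pixel rows as a binary PGM (P5) image, viewable as-is."""
    if not rows:
        raise ValueError("empty input produces no image")
    header = f"P5\n{len(rows[0])} {len(rows)}\n255\n".encode("ascii")
    return header + b"".join(bytes(r) for r in rows)


def row_entropy(row: list[int]) -> float:
    """Shannon entropy (bits per byte) of one image row. Illustrative only:
    the paper uses a learned model, not this heuristic."""
    n = len(row)
    return -sum(c / n * math.log2(c / n) for c in Counter(row).values())


def constructed_sample() -> bytes:
    """Constructed input, not a real executable: a repetitive header-like
    region followed by hash output standing in for packed/encrypted data."""
    structured = (b"MZ" + b"\x00" * 62) * 8
    noisy = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    return structured + noisy + b"tail"


if __name__ == "__main__":
    image = bytes_to_grayscale(constructed_sample())
    for idx, row in enumerate(image):
        print(f"row {idx}: entropy {row_entropy(row):.2f} bits/byte")
    with open("sample.pgm", "wb") as fh:
        fh.write(to_pgm(image))
```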
