Use of Multi-CNNs for Section Analysis in Static Malware Detection

TL;DR

This paper introduces a multi-CNN approach for static malware detection that analyzes file sections as images, providing both detection results and insights into which sections influence the decision.

Contribution

The novel method transforms file sections into images and employs multiple CNNs to improve detection and interpretability of malware analysis.

Findings

Enhanced detection accuracy through section-specific analysis

Improved interpretability of malware detection results

Effective combination of CNN scores for final decision

Abstract

Existing research on malware detection focuses almost exclusively on the detection rate. However, in some cases, it is also important to understand the results of our algorithm, or to obtain more information, such as where to investigate in the file for an analyst. In this aim, we propose a new model to analyze Portable Executable files. Our method consists in splitting the files in different sections, then transform each section into an image, in order to train convolutional neural networks to treat specifically each identified section. Then we use all these scores returned by CNNs to compute a final detection score, using models that enable us to improve our analysis of the importance of each section in the final score.