Visible to the public Biblio

Filters: Author is Raff, Edward  [Clear All Filters]
2018-05-30
Raff, Edward, Nicholas, Charles.  2017.  Malware Classification and Class Imbalance via Stochastic Hashed LZJD. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. :111–120.

There are currently few methods that can be applied to malware classification problems which don't require domain knowledge to apply. In this work, we develop our new SHWeL feature vector representation, by extending the recently proposed Lempel-Ziv Jaccard Distance. These SHWeL vectors improve upon LZJD's accuracy, outperform byte n-grams, and allow us to build efficient algorithms for both training (a weakness of byte n-grams) and inference (a weakness of LZJD). Furthermore, our new SHWeL method also allows us to directly tackle the class imbalance problem, which is common for malware-related tasks. Compared to existing methods like SMOTE, SHWeL provides significantly improved accuracy while reducing algorithmic complexity to O(N). Because our approach is developed without the use of domain knowledge, it can be easily re-applied to any new domain where there is a need to classify byte sequences.