Title | Malware Analysis of Imaged Binary Samples by Convolutional Neural Network with Attention Mechanism |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Yakura, Hiromu; Shinozaki, Shinnosuke; Nishimura, Reon; Oyama, Yoshihiro; Sakuma, Jun |
Conference Name | Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5632-9 |
Keywords | attention mechanism, convolutional neural network, Human Behavior, malware analysis, Metrics, pubcrawl, Resiliency |
Abstract | This paper presents a proposal of a method to extract important byte sequences in malware samples to reduce the workload of human analysts who investigate the functionalities of the samples. This method, by applying convolutional neural network (CNN) with a technique called attention mechanism to an image converted from binary data, enables calculation of an "attention map," which shows regions having higher importance for classification in the image. This distinction of regions enables extraction of characteristic byte sequences peculiar to the malware family from the binary data and can provide useful information for the human analysts without a priori knowledge. Furthermore, the proposed method calculates the attention map for all binary data including the data section. Thus, it can process packed malware that might contain obfuscated code in the data section. Results of our evaluation experiment using malware datasets show that the proposed method provides higher classification accuracy than conventional methods. Furthermore, analysis of malware samples based on the calculated attention maps confirmed that the extracted sequences provide useful information for manual analysis, even when samples are packed. |
URL | http://doi.acm.org/10.1145/3176258.3176335 |
DOI | 10.1145/3176258.3176335 |
Citation Key | yakura_malware_2018 |