Malware Analysis of Imaged Binary Samples by Convolutional Neural Network with Attention Mechanism

Title: Malware Analysis of Imaged Binary Samples by Convolutional Neural Network with Attention Mechanism
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Yakura, Hiromu; Shinozaki, Shinnosuke; Nishimura, Reon; Oyama, Yoshihiro; Sakuma, Jun
Conference Name: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5632-9
Keywords: attention mechanism, convolutional neural network, Human Behavior, malware analysis, Metrics, pubcrawl, Resiliency
Abstract: This paper presents a proposal of a method to extract important byte sequences in malware samples to reduce the workload of human analysts who investigate the functionalities of the samples. This method, by applying convolutional neural network (CNN) with a technique called attention mechanism to an image converted from binary data, enables calculation of an "attention map," which shows regions having higher importance for classification in the image. This distinction of regions enables extraction of characteristic byte sequences peculiar to the malware family from the binary data and can provide useful information for the human analysts without a priori knowledge. Furthermore, the proposed method calculates the attention map for all binary data including the data section. Thus, it can process packed malware that might contain obfuscated code in the data section. Results of our evaluation experiment using malware datasets show that the proposed method provides higher classification accuracy than conventional methods. Furthermore, analysis of malware samples based on the calculated attention maps confirmed that the extracted sequences provide useful information for manual analysis, even when samples are packed.
URL: http://doi.acm.org/10.1145/3176258.3176335
DOI: 10.1145/3176258.3176335
Citation Key: yakura_malware_2018