Convolutional neural networks for functional classification of opcode sequences (9 May 2018)
Traditional malware detection is performed by pattern matching files against a database of known signatures. This approach has several limitations, including zero-day attacks and encryption. We envision an alternative strategy in which machine learning (ML) models are trained to classify malware on dynamically derived CPU instruction streams. Many ML algorithms have the potential to recognize code fragments not explicitly seen before. Furthermore, analyzing dynamic instruction streams (rather than static disassembly) potentially defeats encryption, since encrypted malware must decrypt itself before it can run. In this work, we begin to assess the viability of our vision by using convolutional neural networks to classify the function of various types of small programs from their stream of CPU instructions. Intriguingly, we find that a model composed of a few layers of convolutional filters performs on par with a shallow single-layer convolutional network.
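As an added illustration (not code from the paper), the following pure-Python sketch shows what a single-layer convolutional model over a dynamic opcode stream computes: one-hot mnemonics, a few filters that act as opcode n-gram detectors, and max-over-time pooling so that traces of any length yield a fixed-size feature vector for a classifier. The vocabulary, traces and filter weights are constructed for the example; a real model would learn the weights from labelled traces.

```python
from typing import Dict, List

# Constructed opcode vocabulary standing in for mnemonics seen in a dynamic trace.
VOCAB = ["mov", "add", "sub", "xor", "cmp", "jnz", "jmp", "call", "ret", "push", "pop"]
IDX: Dict[str, int] = {m: i for i, m in enumerate(VOCAB)}

def one_hot(trace: List[str]) -> List[List[float]]:
    """Encode a mnemonic sequence as one-hot rows: len(trace) x len(VOCAB)."""
    rows = []
    for m in trace:
        row = [0.0] * len(VOCAB)
        row[IDX[m]] = 1.0
        rows.append(row)
    return rows

def ngram_filter(pattern: List[str]) -> List[List[float]]:
    """Hand-set convolutional filter of width len(pattern) that detects one
    opcode n-gram. A trained network learns such weights; they are fixed here
    so the mechanism is visible."""
    return [[1.0 if m == p else 0.0 for m in VOCAB] for p in pattern]

def conv1d_maxpool(trace: List[str], filters: List[List[List[float]]]) -> List[float]:
    """Single conv layer: slide each filter over the trace (valid padding),
    apply a bias so only a full n-gram match is positive, ReLU, then max-pool
    over time. The output has one value per filter whatever the trace length."""
    x = one_hot(trace)
    feats = []
    for f in filters:
        w = len(f)
        best = 0.0
        for t in range(len(x) - w + 1):
            act = sum(x[t + k][v] * f[k][v] for k in range(w) for v in range(len(VOCAB)))
            act -= w - 1  # bias: w matching positions -> 1.0, anything less -> <= 0
            best = max(best, max(0.0, act))
        feats.append(best)
    return feats

# Filters for two behaviours a classifier might separate: a xor/compare/branch
# loop (e.g. a decryption loop) and a push/call/pop call sequence.
FILTERS = [ngram_filter(["xor", "cmp", "jnz"]), ngram_filter(["push", "call", "pop"])]

# Constructed traces, not captured from real programs.
LOOP_TRACE = ["mov", "xor", "cmp", "jnz", "xor", "cmp", "jnz", "ret"]
CALL_TRACE = ["push", "call", "pop", "add", "ret"]

def features(trace: List[str]) -> List[float]:
    """Pooled feature vector that a dense output layer would classify."""
    return conv1d_maxpool(trace, FILTERS)
```

Because pooling takes the maximum over time, prepending unrelated instructions to a trace leaves the feature vector unchanged, which is why the filters behave as position-independent opcode n-gram detectors.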
Conference Presentation
© (2018) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Michael S. Lee, "Convolutional neural networks for functional classification of opcode sequences", Proc. SPIE 10652, Disruptive Technologies in Information Sciences, 106520R (9 May 2018); doi: 10.1117/12.2302715; https://doi.org/10.1117/12.2302715
