Description

In this talk, we will introduce the potential of deep learning, one of the most powerful and widely adopted machine learning approaches, for malware analysis. Specifically, we present some of our work at QUB.
First, we will propose a novel Android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence, thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram-like features, which are not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.
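The following is an added illustration, not code from the QUB system described above: it contrasts explicit n-gram enumeration with a 1-D convolution over one-hot opcode vectors, showing that a width-n filter acts as an n-gram detector without the V^n feature space. The opcode vocabulary, sample sequence and filter weights are constructed for the example (a trained network would learn the weights); only numpy is assumed.

```python
import numpy as np

# Constructed toy opcode vocabulary (a few Dalvik-style mnemonics), not real
# disassembler output; a real pipeline would index the full Dalvik opcode set.
VOCAB = ["const-string", "invoke-virtual", "move-result", "if-eqz", "goto",
         "invoke-static", "return-void", "new-instance"]
IDX = {op: i for i, op in enumerate(VOCAB)}

def ngram_counts(seq, n):
    """Explicit n-gram enumeration: the feature extraction the CNN replaces."""
    counts = {}
    for i in range(len(seq) - n + 1):
        g = tuple(seq[i:i + n])
        counts[g] = counts.get(g, 0) + 1
    return counts

def one_hot(seq, vocab_size=len(VOCAB)):
    """Encode an opcode index sequence as an (L, V) matrix, the network's input."""
    x = np.zeros((len(seq), vocab_size))
    x[np.arange(len(seq)), seq] = 1.0
    return x

def conv1d(x, w):
    """Single-filter 1-D convolution (valid padding): one activation per window."""
    n = w.shape[0]
    return np.array([np.sum(x[i:i + n] * w) for i in range(x.shape[0] - n + 1)])

def ngram_filter(ngram, vocab_size=len(VOCAB)):
    """Hand-set width-n filter whose activation equals n exactly where `ngram` occurs.
    A trained CNN learns weights of this kind; here they are set by hand."""
    w = np.zeros((len(ngram), vocab_size))
    for pos, op in enumerate(ngram):
        w[pos, op] = 1.0
    return w

def filter_matches(seq, ngram):
    """Number of windows where the filter fires, i.e. the n-gram's occurrence count."""
    acts = conv1d(one_hot(seq), ngram_filter(ngram))
    return int(np.sum(np.isclose(acts, len(ngram))))

def ngram_space_size(n, vocab_size=len(VOCAB)):
    """Size of the explicit n-gram feature space the CNN avoids enumerating."""
    return vocab_size ** n

# Constructed opcode sequence containing (const-string, invoke-static, move-result) twice.
SAMPLE = [IDX[o] for o in ["const-string", "invoke-static", "move-result", "if-eqz",
                           "const-string", "invoke-static", "move-result", "goto",
                           "new-instance", "invoke-virtual", "return-void"]]
PATTERN = (IDX["const-string"], IDX["invoke-static"], IDX["move-result"])

if __name__ == "__main__":
    print(ngram_counts(SAMPLE, 3)[PATTERN], filter_matches(SAMPLE, PATTERN))
    print(ngram_space_size(3))
```

With a real Dalvik vocabulary of a few hundred opcodes, `ngram_space_size(n)` grows far beyond what can be enumerated for the long windows the talk mentions, while a convolution filter of the same width costs n times V weights.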
Second, we will evaluate the performance of our system under obfuscation and we will propose an extension, based on the novel concept of Discriminative Adversarial Networks, to deal with complex obfuscation.
Finally, we will highlight the importance of explainability for these models and how this concept allows us to increase the confidence in our models.
Period: 23 Oct 2020
Event title: BAE Systems Interactive Sessions