Is Emulating "Binary Grep in Eyes" Possible with Machine Learning?

Talented people are in short supply across the cybersecurity field; in particular, there are too few experts and white-hat hackers. They have remarkable skills such as "binary grep in eyes", which nobody can explain logically (why it works, or how). "Binary grep in eyes" is the ability to emulate running the grep command over binary files with the human eye alone. In general, such skills are difficult to automate.

This paper proposes methods to emulate "binary grep in eyes" in order to detect unseen malicious document files with a Convolutional Neural Network (CNN). CNNs are commonly associated with breakthroughs in image recognition and achieve superior results to several earlier models. We built a dataset from actual malicious document files found in the wild and calculated Precision, Recall and F-measure to evaluate our method. The results suggest that our method may be able to emulate "binary grep in eyes" and detect the shellcode in unseen malicious document files.
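The abstract leaves two practical steps implicit: how raw document bytes become an input a CNN can consume, and how Precision, Recall and F-measure are computed from a detector's verdicts. The following Python is an added illustration, not code from the paper; the 16-by-8 grid layout, the zero-padding, the constructed `SAMPLE_DOC` header bytes and the constructed label/prediction lists are all assumptions chosen for the example, not the paper's dataset or network.

```python
"""Added example (not from the paper): lay raw document bytes out as a fixed-size
2-D grid of byte values (one grayscale "pixel" per byte) that a CNN could take as
input, and score a binary detector with precision, recall and F-measure.
Pure Python; no deep-learning framework is required to run it."""
from typing import List, Sequence, Tuple


def bytes_to_grid(data: bytes, width: int = 16, height: int = 8) -> List[List[int]]:
    """Arrange bytes row by row, `width` bytes per row, into exactly `height` rows.
    Longer input is truncated; shorter input is zero-padded, so every file maps to
    the same tensor shape (an assumption of this example, not the paper's layout)."""
    size = width * height
    buf = data[:size].ljust(size, b"\x00")
    return [list(buf[r * width:(r + 1) * width]) for r in range(height)]


def prf(y_true: Sequence[int], y_pred: Sequence[int]) -> Tuple[float, float, float]:
    """Precision, recall and F-measure for binary labels (1 = malicious, 0 = benign).
    A ratio whose denominator is zero (e.g. no positive predictions at all) is
    reported as 0.0 instead of raising, so a degenerate detector still gets a score."""
    if len(y_true) != len(y_pred):
        raise ValueError("label and prediction lengths differ")
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f_measure = (2 * precision * recall / (precision + recall)
                 if precision + recall else 0.0)
    return precision, recall, f_measure


# Constructed sample: a minimal PDF-like header, standing in for a document file.
SAMPLE_DOC = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"

# Constructed evaluation set: 10 files, 4 labelled malicious (index 0-3).
# The detector catches 3 of the 4 and raises one false alarm on file 4.
Y_TRUE = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
Y_PRED = [1, 1, 1, 0, 1, 0, 0, 0, 0, 0]


def evaluate_sample() -> Tuple[float, float, float]:
    """Score the constructed verdicts above; returns (precision, recall, F-measure)."""
    return prf(Y_TRUE, Y_PRED)


if __name__ == "__main__":
    # Print the grid as hex, the way an analyst would eyeball a hex dump.
    for row in bytes_to_grid(SAMPLE_DOC):
        print(" ".join(f"{b:02x}" for b in row))
    p, r, f = evaluate_sample()
    print(f"precision={p:.3f} recall={r:.3f} f-measure={f:.3f}")
```

With the constructed verdicts the detector scores 3 true positives, 1 false positive and 1 false negative, so precision, recall and F-measure all come out at 0.75; swapping in a detector's real verdicts over a labelled corpus is the only change needed to reproduce the paper's style of evaluation.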
