DeepMalNet: Evaluating shallow and deep networks for static PE malware detection

Abstract: This paper primarily evaluates the efficacy of shallow and deep networks for statically detecting malicious Windows portable executable (PE) files. It uses the recently released, labeled EMBER malware benchmark data set. Because deep networks are parameterized, the parameters are chosen by comparing the performance of various network parameters and network topologies over several trials of experiments. The efficient configurations of the deep models chosen this way are then run for up to 1000 epochs with learning rates varying between 0.01 and 0.5. The observed results of the deep networks are higher than those of the shallow networks.
