

Workshop

Deep Convolutional Malware Classifiers Can Learn from Raw Executables and Labels Only

Marek Krčál · Ondřej Švec · Martin Bálek · Otakar Jašek

East Meeting Level 8 + 15 #21

Mon 30 Apr, 11 a.m. PDT

We propose and evaluate a simple convolutional deep neural network architecture that detects malicious Portable Executables (Windows executable files) by learning from their raw sequences of bytes and labels only, that is, without any domain-specific feature extraction or preprocessing. On a dataset of 20 million unpacked half-megabyte Portable Executables, such an end-to-end approach achieves performance almost on par with the traditional machine learning pipeline based on handcrafted features of Avast.
