
Proceedings Paper

Convolutional neural networks for functional classification of opcode sequences
Author(s): Michael S. Lee

Paper Abstract

Traditional malware detection is performed by pattern-matching files against a database of known signatures. There are several limitations to this approach, including zero-day attacks and encryption. We envision an alternative strategy whereby machine learning (ML) models are trained to classify malware on dynamically derived CPU instruction streams. Many ML algorithms have the potential to recognize code fragments not explicitly seen before. Furthermore, the analysis of dynamic instruction streams (vs. static disassembly) potentially defeats encryption, as encrypted malware must decrypt itself before being operational. In this work, we begin to assess the viability of our vision by using convolutional neural networks to classify the function of various types of small programs from their stream of CPU instructions. Intriguingly, we find that a model composed of a few layers of convolutional filters performs on par with a shallow single-layer convolutional network.

Paper Details

Date Published: 9 May 2018
PDF: 8 pages
Proc. SPIE 10652, Disruptive Technologies in Information Sciences, 106520R (9 May 2018); doi: 10.1117/12.2302715
Michael S. Lee, U.S. Army Research Lab. (United States)

Published in SPIE Proceedings Vol. 10652:
Disruptive Technologies in Information Sciences
Misty Blowers; Russell D. Hall; Venkateswara R. Dasari, Editor(s)

© SPIE.