Generative malware outbreak detection
Practical defense systems require precise detection during malware outbreaks, when only a handful of samples are available. Sean Park demonstrates how to detect in-the-wild malware samples from a single training sample of a kind, using TensorFlow's flexible architecture to implement a novel variable-length generative adversarial autoencoder.
Talk Title | Generative malware outbreak detection |
Speakers | Sean Park (Trend Micro) |
Conference | O’Reilly TensorFlow World |
Conf Tag | |
Location | Santa Clara, California |
Date | October 28-31, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
Recently, several deep learning approaches have attempted to detect malware binaries using convolutional neural networks and stacked deep autoencoders. Although they have shown respectable performance on large datasets, practical defense systems require precise detection during malware outbreaks, when only a handful of samples are available. Sean Park demonstrates the effectiveness of the latent representations obtained through an adversarial autoencoder for malware outbreak detection. By mapping the instruction sequence distribution of a binary to a semantic latent vector, the model provides a highly effective neural signature that helps detect variants of a previously identified malware sample within a campaign, even when they have been mutated by minor functional upgrades, function shuffling, or slightly modified obfuscations. Sean explains the effectiveness of generative adversarial autoencoders for static malware detection in outbreak situations where a single sample of a kind is available to detect similar in-the-wild samples. The model's performance is evaluated on real-world macOS and Windows malware samples against traditional machine learning models.
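As an added example (not code from the talk or from Trend Micro), the following stdlib-only Python sketch shows the one-shot matching step described in the abstract: a signature derived from the distribution of the instruction sequence of a single known sample, compared by similarity against new samples. The adversarial autoencoder's latent encoder is stood in for by a normalized opcode-bigram histogram, an assumption made so the block runs offline; the disassemblies, function names and the 0.8 threshold are constructed for illustration. It shows why a distribution over the instruction sequence tolerates function shuffling and a minor functional upgrade where an exact hash over the instruction stream does not, and, going beyond the abstract, contrasts counting bigrams per function with counting them over the linear `.text` stream.

```python
"""One-shot variant matching on an instruction-sequence distribution (added example).

The talk's adversarial autoencoder is replaced here by a normalized opcode bigram
histogram (assumption) so that the signature-and-similarity step runs with the
standard library only.
"""
import hashlib
import math
from collections import Counter

# Constructed toy disassemblies (mnemonics only), not taken from any real sample.
# A sample is a list of (function_name, mnemonics) pairs in binary layout order.
REFERENCE = [  # the single sample known from the campaign
    ("init",    ["push", "mov", "sub", "mov", "lea", "call", "test", "jz", "mov", "ret"]),
    ("decrypt", ["xor", "add", "rol", "xor", "inc", "cmp", "jne", "mov", "ret"]),
    ("beacon",  ["push", "lea", "call", "mov", "cmp", "jne", "lea", "call", "pop", "ret"]),
]
FUNCS = dict(REFERENCE)

# Variant 1: the same functions laid out in a different order (function shuffling).
SHUFFLED = [("decrypt", FUNCS["decrypt"]), ("beacon", FUNCS["beacon"]), ("init", FUNCS["init"])]

# Variant 2: minor functional upgrade: rol -> ror in the decryptor plus one new routine.
MINOR_UPGRADE = [
    ("init",    FUNCS["init"]),
    ("decrypt", ["xor", "add", "ror", "xor", "inc", "cmp", "jne", "mov", "ret"]),
    ("beacon",  FUNCS["beacon"]),
    ("persist", ["push", "mov", "lea", "call", "test", "jz", "mov", "ret"]),
]

# Unrelated benign program with a very different instruction profile.
BENIGN = [
    ("main",    ["push", "mov", "call", "call", "mov", "pop", "ret"]),
    ("compute", ["fld", "fmul", "fadd", "fstp", "fld", "fmul", "fadd", "fstp", "ret"]),
    ("print",   ["push", "lea", "call", "add", "pop", "ret"]),
]


def bigram_distribution(sample, per_function=True):
    """Normalized histogram of opcode bigrams.

    With per_function=True bigrams are counted inside each function, so reordering
    functions leaves the histogram unchanged. With False the whole .text stream is
    used, and only the bigrams that straddle function boundaries move on a shuffle.
    """
    counts = Counter()
    if per_function:
        streams = [body for _, body in sample]
    else:
        streams = [[m for _, body in sample for m in body]]
    for stream in streams:
        counts.update(zip(stream, stream[1:]))
    total = sum(counts.values()) or 1  # guard against samples with no bigrams
    return {k: v / total for k, v in counts.items()}


def cosine(p, q):
    """Cosine similarity between two sparse distributions (dict -> float)."""
    dot = sum(v * q.get(k, 0.0) for k, v in p.items())
    norm = math.sqrt(sum(v * v for v in p.values())) * math.sqrt(sum(v * v for v in q.values()))
    return dot / norm if norm else 0.0


def exact_signature(sample):
    """Baseline: a hash over the linear mnemonic stream, the brittle exact-match signature."""
    stream = " ".join(m for _, body in sample for m in body)
    return hashlib.sha256(stream.encode()).hexdigest()


class OneShotSignature:
    """Distribution of the single known sample plus a similarity threshold.

    0.8 is an arbitrary value for this toy; a deployment would calibrate it against
    a benign corpus to fix the acceptable false-positive rate.
    """

    def __init__(self, sample, threshold=0.8, per_function=True):
        self.per_function = per_function
        self.signature = bigram_distribution(sample, per_function)
        self.threshold = threshold

    def score(self, sample):
        return cosine(self.signature, bigram_distribution(sample, self.per_function))

    def matches(self, sample):
        return self.score(sample) >= self.threshold


if __name__ == "__main__":
    sig = OneShotSignature(REFERENCE)
    ref_hash = exact_signature(REFERENCE)
    for name, sample in [("shuffled", SHUFFLED), ("minor upgrade", MINOR_UPGRADE), ("benign", BENIGN)]:
        hash_match = exact_signature(sample) == ref_hash
        print(f"{name:14s} hash match={hash_match!s:5s} "
              f"distribution score={sig.score(sample):.3f} match={sig.matches(sample)}")
```

Run directly, the script shows the exact hash failing on every variant while the per-function distribution scores the shuffled variant at 1.0, the minor upgrade around 0.92 and the benign program around 0.26. Switching to `per_function=False` drops the shuffled score to roughly 0.97, which is the boundary effect a model over the raw linear instruction stream has to absorb; the threshold, not the feature, decides whether such a drift still counts as the same campaign.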