February 23, 2020


Generative malware outbreak detection


Practical defense systems require precise detection during malware outbreaks, when only a handful of samples are available. Sean Park shows how to detect in-the-wild malware samples from a single training sample of a kind, using TensorFlow's flexible architecture to implement a novel variable-length generative adversarial autoencoder.

Talk Title: Generative malware outbreak detection
Speakers: Sean Park (Trend Micro)
Conference: O'Reilly TensorFlow World
Location: Santa Clara, California
Date: October 28-31, 2019
URL: Talk Page
Slides: Talk Slides

Recently, several deep learning approaches have attempted to detect malware binaries using convolutional neural networks and stacked deep autoencoders. Although they have shown respectable performance on large datasets, practical defense systems require precise detection during malware outbreaks, when only a handful of samples are available. Sean Park demonstrates the effectiveness of the latent representations obtained through an adversarial autoencoder for malware outbreak detection. By mapping the distribution of a binary's instruction sequence to a semantic latent vector, the model provides a highly effective neural signature that helps detect variants of a previously identified malware within a campaign, where the variants are mutated by minor functional upgrades, function shuffling, or slightly modified obfuscation. Sean explains the effectiveness of generative adversarial autoencoders for static malware detection in outbreak situations where a single sample of a kind is available to detect similar in-the-wild samples. Model performance is evaluated on real-world macOS and Windows malware samples against traditional machine learning models.
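The following is an added example, not code from the talk or from Trend Micro: it illustrates the single-sample matching setting described above by standing in a hand-built opcode-bigram distribution for the learned latent vector. Everything else is an assumption for illustration: the instruction sequences are constructed toy mnemonic lists rather than real disassembly, the three mutation kinds (function shuffling, a small functional upgrade, junk-instruction padding) are simulated by hand, and the 0.8 cosine threshold is arbitrary. The point it makes is that a distribution over instruction sequences is invariant to function shuffling and nearly so to a small functional upgrade, but degrades under even light junk insertion, which is the gap a learned representation is meant to close.

```python
"""Single-sample outbreak matching on instruction-sequence distributions.

Added example (not the talk's model): an opcode-bigram distribution plays
the role of the latent vector, and cosine similarity to one reference
sample plays the role of the neural signature match.
"""
from collections import Counter
import math

# Constructed toy functions (mnemonics only, not real disassembly).
F1 = ("push", "mov", "sub", "call", "test", "jz", "mov", "call", "add", "pop", "ret")
F2 = ("push", "mov", "xor", "lea", "call", "cmp", "jne", "mov", "pop", "ret")
F3 = ("push", "mov", "mov", "call", "test", "jz", "xor", "call", "pop", "ret")
F4 = ("push", "lea", "mov", "call", "mov", "add", "pop", "ret")
F5 = ("push", "mov", "call", "test", "jnz", "mov", "pop", "ret")  # "upgrade" function

# Constructed benign program with a very different instruction mix (FPU loop).
BENIGN = ("push", "mov", "mov", "xor", "fld", "fmul", "fadd", "fstp", "inc", "cmp",
          "jb", "fld", "fmul", "fstp", "inc", "cmp", "jb", "mov", "pop", "ret")


def bigram_distribution(seq):
    """Map a variable-length instruction sequence to a normalized bigram histogram."""
    counts = Counter(zip(seq, seq[1:]))
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}


def cosine(a, b):
    """Cosine similarity between two sparse distributions (dict -> float)."""
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def insert_junk(seq, every, junk="nop"):
    """Simulate light obfuscation: insert a junk instruction after every n-th one."""
    out = []
    for i, ins in enumerate(seq, 1):
        out.append(ins)
        if i % every == 0:
            out.append(junk)
    return tuple(out)


# The single sample available at outbreak time.
REFERENCE = F1 + F2 + F3 + F4

# Constructed in-the-wild candidates: three mutations of the campaign and one unrelated binary.
CANDIDATES = {
    "shuffled": F3 + F1 + F4 + F2,           # function shuffling
    "upgraded": F3 + F1 + F4 + F2 + F5,      # shuffling plus a minor functional upgrade
    "junk_padded": insert_junk(REFERENCE, every=7),  # slightly modified obfuscation
    "benign_fpu_loop": BENIGN,               # unrelated program
}


def similarity_to_reference(name, reference=REFERENCE, candidates=CANDIDATES):
    """Signature match score of one candidate against the single reference sample."""
    return cosine(bigram_distribution(reference), bigram_distribution(candidates[name]))


def detect(reference=REFERENCE, candidates=CANDIDATES, threshold=0.8):
    """Return the sorted names of candidates whose score clears the (assumed) threshold."""
    return sorted(
        name for name in candidates
        if similarity_to_reference(name, reference, candidates) >= threshold
    )


if __name__ == "__main__":
    for name in CANDIDATES:
        print(f"{name:16s} {similarity_to_reference(name):.3f}")
    print("flagged:", detect())
```

Because every constructed function opens with push and ends with ret, reordering functions leaves the bigram multiset untouched and the shuffled variant scores 1.0; adding one small function drops the score only slightly. The junk-padded variant still clears the threshold here, but only with nops every seventh instruction; denser padding would push a fixed histogram below it, which is why the talk moves from hand-built statistics to a representation learned by the adversarial autoencoder.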
