Deep Learning to Help Detect Malware
Microsoft and Intel are using deep learning and neural networks to detect malware. The STAMINA project (STAtic Malware-as-Image Network Analysis) converts malware samples into 2D grayscale images that can be analyzed based on their unique criteria.
Researchers from the two companies have jointly developed a new approach to malware detection. Microsoft provided the STAMINA project with over 2 million infected files: 60% of the samples were used to train the deep neural network (DNN) algorithm, 20% were used to test DNNs, and the remaining 20% were used to test the effectiveness of STAMINA. The team achieved a 99.07% accuracy rate in detecting and classifying malware samples, with a false positive rate of just 2.58%.
“Typically, deep neural networks are difficult to set up. Here, using battle-proven neural network architectures such as Inception (for tasks such as image classification) allows us to use transfer learning, which reduces the burden of training a deep neural network from scratch, "said Intel specialist Ravi Sahita.
Using deep learning technologies provides broader insights and allows malware to be classified according to the speed and scale of malware that can be generated using automated techniques, helping security experts filter out noise and focus on the threats that pose the greatest risk.
However, this type of system also has some problems. Depending on the neural network architecture used, the cost of training and inference can be higher than traditional, easier methods of detecting malware.
STAMINA is also unable to “see” aspects of malware that can only be detected at runtime, such as the decryption of payloads in memory or unwanted activity (ransomware). To address this issue, Intel is working on forward-looking research into anti-countermeasures approaches, telemetry extraction from execution patterns, and CPU telemetry. Additional information streams can be combined with deep learning techniques to eliminate blind spots for better malware classification.