Activation Analysis of a Byte-Based Deep Neural Network for Malware Classification

Explore the intricacies of byte-based deep neural networks for malware classification in this IEEE conference talk. Delve into the activation analysis of these networks, examining learned features at multiple resolutions, from individual byte embeddings to end-to-end model analysis. Connect byte-oriented activations to their original semantics through binary parsing and disassembly, uncovering human-understandable features. Investigate the impact of training data volume and regularization on feature quality and classifier efficacy. Discover paradoxical insights about generalization and performance in byte-based malware classifiers. Learn about feature engineering, CNN models, test results, filtering techniques, and end-to-end features, including the rich header. Gain valuable insights into deep learning applications in cybersecurity from FireEye, Inc. expert Scott E. Coull.

Intro
Feature Engineering
Our CNN Model
Test Results
Big Questions
Analysis Process
Comparisons
Filtering
Regularization
Filter Comparison
EndtoEnd Features
Rich Header
Summary
Contact Information
Questions
Discussion