HeNet- A Deep Learning Approach on Intel Processor Trace for Effective Exploit Detection

Explore a deep learning approach for effective exploit detection using Intel® Processor Trace in this conference talk presented at the 1st Deep Learning and Security Workshop. Dive into HeNet, a hierarchical ensemble neural network that classifies hardware-generated control flow traces for malware detection. Learn how this innovative method overcomes challenges faced by static code analysis and API call-based approaches. Discover the architecture of HeNet, consisting of a low-level behavior model and a top-level ensemble model, and understand how it leverages transfer learning and image conversion techniques. Examine the evaluation results against real-world PDF reader exploits, showcasing HeNet's impressive accuracy and performance compared to classical machine learning algorithms. Gain insights into the potential of hardware trace-based malware detection and its implications for cybersecurity.

Intro
How Secure are Deep Learning Malware Detectors?
Control Flow Classification for Malware Detection
Intel Processor Trace (Intel PT)
Image Conversion of Intel PT Control Flow Packets
Recall The Proposed Malware Detection System
Why Applying Computer Vision to Malware Detection?
HeNet: Hierarchical Ensemble Neural Network
HeNet Performance Evaluation
HeNet Low-level Model Performance
HeNet Top-level Ensemble Model
Conclusions and Future Work