MtNet: A Multi-Task Neural Network for Dynamic Malware Classification

• Published in: Detection of Intrusions and Malware, and Vulnerability Assessment Vol. 9721; pp. 399 - 418
• Main Authors: Huang, Wenyi, Stokes, Jack W.
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2016; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Computer security
• ISBN: 9783319406664; 3319406663
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-40667-1_20

In this paper, we propose a new multi-task, deep learning architecture for malware classification for the binary (i.e. malware versus benign) malware classification task. All models are trained with data extracted from dynamic analysis of malicious and benign files. For the first time, we see improvements using multiple layers in a deep neural network architecture for malware classification. The system is trained on 4.5 million files and tested on a holdout test set of 2 million files which is the largest study to date. To achieve a binary classification error rate of 0.358 %, the objective functions for the binary classification task and malware family classification task are combined in the multi-task architecture. In addition, we propose a standard (i.e. non multi-task) malware family classification architecture which also achieves a malware family classification error rate of 2.94 %.