MtNet: A Multi-Task Neural Network for Dynamic Malware Classification
In this paper, we propose a new multi-task, deep learning architecture for malware classification for the binary (i.e. malware versus benign) malware classification task. All models are trained with data extracted from dynamic analysis of malicious and benign files. For the first time, we see improv...
Saved in:
| Published in | Detection of Intrusions and Malware, and Vulnerability Assessment Vol. 9721; pp. 399 - 418 |
|---|---|
| Main Authors | , |
| Format | Book Chapter |
| Language | English |
| Published |
Switzerland
Springer International Publishing AG
2016
Springer International Publishing |
| Series | Lecture Notes in Computer Science |
| Subjects | |
| Online Access | Get full text |
| ISBN | 9783319406664 3319406663 |
| ISSN | 0302-9743 1611-3349 |
| DOI | 10.1007/978-3-319-40667-1_20 |
Cover
Loading…
| Abstract | In this paper, we propose a new multi-task, deep learning architecture for malware classification for the binary (i.e. malware versus benign) malware classification task. All models are trained with data extracted from dynamic analysis of malicious and benign files. For the first time, we see improvements using multiple layers in a deep neural network architecture for malware classification. The system is trained on 4.5 million files and tested on a holdout test set of 2 million files which is the largest study to date. To achieve a binary classification error rate of 0.358 %, the objective functions for the binary classification task and malware family classification task are combined in the multi-task architecture. In addition, we propose a standard (i.e. non multi-task) malware family classification architecture which also achieves a malware family classification error rate of 2.94 %. |
|---|---|
| AbstractList | In this paper, we propose a new multi-task, deep learning architecture for malware classification for the binary (i.e. malware versus benign) malware classification task. All models are trained with data extracted from dynamic analysis of malicious and benign files. For the first time, we see improvements using multiple layers in a deep neural network architecture for malware classification. The system is trained on 4.5 million files and tested on a holdout test set of 2 million files which is the largest study to date. To achieve a binary classification error rate of 0.358 %, the objective functions for the binary classification task and malware family classification task are combined in the multi-task architecture. In addition, we propose a standard (i.e. non multi-task) malware family classification architecture which also achieves a malware family classification error rate of 2.94 %. |
| Author | Huang, Wenyi Stokes, Jack W. |
| Author_xml | – sequence: 1 givenname: Wenyi surname: Huang fullname: Huang, Wenyi – sequence: 2 givenname: Jack W. surname: Stokes fullname: Stokes, Jack W. email: jstokes@microsoft.com |
| BookMark | eNqNkMtOwzAQRQ0URCj9Axb5AYOd8ZNdVcpDasumrC0ncSA0JCV2VfH3uC1CYsdiNNIdn9H4XKBB27UOoStKrikh8kZLhQED1ZgRISSmJiNHaBRjiOE-o8cooYJSDMD0yZ-ZYAOUECAZ1pLBGUo0zxiJc32ORt6_E0KoBKkUS9B0HhYu3KbjdL5pQo2X1q_Shdv0toktbLt-lVZdn959tfajLtK5bba2d-mksd7XVV3YUHftJTqtbOPd6KcP0cv9dDl5xLPnh6fJeIbXmVIBM6XKjEtaqrwSOSggUkqwmokqr0otuHYiPmAglCx5UVZQSOZ0xTNQ8X4OQ5Qd9vp1X7evrjd51628ocTsvJkowYCJGszekdl5ixA7QOu--9w4H4zbUYVrQ_xl8WbXwfXeCCBUscyA5rH0fzHOlWRM_WLfFlR9qA |
| ContentType | Book Chapter |
| Copyright | Springer International Publishing Switzerland 2016 |
| Copyright_xml | – notice: Springer International Publishing Switzerland 2016 |
| DBID | FFUUA |
| DEWEY | 005.8 |
| DOI | 10.1007/978-3-319-40667-1_20 |
| DatabaseName | ProQuest Ebook Central - Book Chapters - Demo use only |
| DatabaseTitleList | |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9783319406671 3319406671 |
| EISSN | 1611-3349 |
| Editor | Zurutuza, Urko Rodríguez, Ricardo J Caballero, Juan |
| Editor_xml | – sequence: 1 fullname: Rodríguez, Ricardo J – sequence: 2 fullname: Caballero, Juan – sequence: 3 fullname: Zurutuza, Urko |
| EndPage | 418 |
| ExternalDocumentID | EBC6301842_395_399 EBC5587448_395_399 |
| GroupedDBID | 0D6 0DA 38. AABBV AAMCO AAPIT AAQZU ABOWU ACLMJ ADCXD AEDXK AEJGN AEJLV AEKFX AEZAY ALMA_UNASSIGNED_HOLDINGS AORVH AWFBM AZZ BBABE CZZ FFUUA I4C IEZ SBO SWNTM TPJZQ TSXQS Z7R Z7S Z7U Z7X Z7Y Z7Z Z81 Z83 Z84 Z85 Z88 -DT -GH -~X 1SB 29L 2HA 2HV 5QI 875 AASHB ABMNI ACGFS AEFIE EJD F5P FEDTE HVGLF LAS LDH P2P RIG RNI RSU SVGTG VI1 ~02 |
| ID | FETCH-LOGICAL-p288t-488d2571d8bf6b38307773a946fbfd9659e6d2543687d5cdf3c74e9f523807853 |
| ISBN | 9783319406664 3319406663 |
| ISSN | 0302-9743 |
| IngestDate | Tue Jul 29 20:13:03 EDT 2025 Thu May 29 01:04:35 EDT 2025 Wed May 28 23:44:05 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| LCCallNum | QA76.9.A25QA76.9.A25 |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-p288t-488d2571d8bf6b38307773a946fbfd9659e6d2543687d5cdf3c74e9f523807853 |
| OCLC | 952407839 1197563114 |
| PQID | EBC5587448_395_399 |
| PageCount | 20 |
| ParticipantIDs | springer_books_10_1007_978_3_319_40667_1_20 proquest_ebookcentralchapters_6301842_395_399 proquest_ebookcentralchapters_5587448_395_399 |
| PublicationCentury | 2000 |
| PublicationDate | 2016 |
| PublicationDateYYYYMMDD | 2016-01-01 |
| PublicationDate_xml | – year: 2016 text: 2016 |
| PublicationDecade | 2010 |
| PublicationPlace | Switzerland |
| PublicationPlace_xml | – name: Switzerland – name: Cham |
| PublicationSeriesSubtitle | Security and Cryptology |
| PublicationSeriesTitle | Lecture Notes in Computer Science |
| PublicationSeriesTitleAlternate | Lect.Notes Computer |
| PublicationSubtitle | 13th International Conference, DIMVA 2016, San Sebastián, Spain, July 7-8, 2016, Proceedings |
| PublicationTitle | Detection of Intrusions and Malware, and Vulnerability Assessment |
| PublicationYear | 2016 |
| Publisher | Springer International Publishing AG Springer International Publishing |
| Publisher_xml | – name: Springer International Publishing AG – name: Springer International Publishing |
| RelatedPersons | Kleinberg, Jon M. Mattern, Friedemann Naor, Moni Mitchell, John C. Terzopoulos, Demetri Steffen, Bernhard Pandu Rangan, C. Kanade, Takeo Kittler, Josef Weikum, Gerhard Hutchison, David Tygar, Doug |
| RelatedPersons_xml | – sequence: 1 givenname: David surname: Hutchison fullname: Hutchison, David – sequence: 2 givenname: Takeo surname: Kanade fullname: Kanade, Takeo – sequence: 3 givenname: Josef surname: Kittler fullname: Kittler, Josef – sequence: 4 givenname: Jon M. surname: Kleinberg fullname: Kleinberg, Jon M. – sequence: 5 givenname: Friedemann surname: Mattern fullname: Mattern, Friedemann – sequence: 6 givenname: John C. surname: Mitchell fullname: Mitchell, John C. – sequence: 7 givenname: Moni surname: Naor fullname: Naor, Moni – sequence: 8 givenname: C. surname: Pandu Rangan fullname: Pandu Rangan, C. – sequence: 9 givenname: Bernhard surname: Steffen fullname: Steffen, Bernhard – sequence: 10 givenname: Demetri surname: Terzopoulos fullname: Terzopoulos, Demetri – sequence: 11 givenname: Doug surname: Tygar fullname: Tygar, Doug – sequence: 12 givenname: Gerhard surname: Weikum fullname: Weikum, Gerhard |
| SSID | ssj0001737884 ssj0002792 |
| Score | 2.3287017 |
| Snippet | In this paper, we propose a new multi-task, deep learning architecture for malware classification for the binary (i.e. malware versus benign) malware... |
| SourceID | springer proquest |
| SourceType | Publisher |
| StartPage | 399 |
| SubjectTerms | Computer security |
| Title | MtNet: A Multi-Task Neural Network for Dynamic Malware Classification |
| URI | http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=5587448&ppg=399 http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=6301842&ppg=399 http://link.springer.com/10.1007/978-3-319-40667-1_20 |
| Volume | 9721 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV3Pb9MwFLZYuSAO_BYbG_KBW2XUxHbscOtGYUysp27azYoT-zR1SA1C7K_nPTtu0qjSNA6J0ih1LX_O6_Pze99HyCdRuzLzOmPgDUsmmlIz7ZVklcuth-WGckE64XJZnF-Jixt5kzTbu-qS1n6u7_fWlfwPqnAPcMUq2Ucgu20UbsA14AtnQBjOI-d3N8wac1lc6-rk7_1YY_FESGqLmRO3f6oYXcaP179vkVw65MH-nc63ZJzD-XLZLl0ME05DUS5bVRusggi0HMuYLB5yEr9GDfv0G1FWExOOeoy7KEI2jiKkKOIoDjkIhc2_76w8Oby6Atc-YmhKkQpor10epmJg2RR-VbHM5LP-fyjtvfOomDSiwV6cnhVgjLTIDS8lHOUBOVBaTsjT-eLi53UfWFNIkY9yXts-8si01Pd5UEO5r087q43RBnnwO1YvyXOsRaFYJAK9fEWeuPVr8iIpcdDOML8hi4DeFzqnPXY0Ykc77ChgRzvsaIcd3cXuLbn6tlidnbNOIIP9yrVuGRjfBkxu1mjrC8s12GuleFWKwlvfIFWkKxpkOyi0amTdeF4r4Uov8yAzIPk7Mlnfrd17Qq2sage-oytQuEp4q73wamZnnGsvrTwkLA2JCdv4Xe5wHQdgY6REIQWdwHnw-RGYh2Saxtng4xuT-LQBIMMNAGQCQAYBOnpk6x_Is37SH5MJvJLuBJzJ1n7sps8_f1FvOw |
| linkProvider | Library Specific Holdings |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.title=Detection+of+Intrusions+and+Malware%2C+and+Vulnerability+Assessment&rft.atitle=MtNet%3A+A+Multi-Task+Neural+Network+for+Dynamic+Malware+Classification&rft.date=2016-01-01&rft.pub=Springer+International+Publishing+AG&rft.isbn=9783319406664&rft.volume=9721&rft_id=info:doi/10.1007%2F978-3-319-40667-1_20&rft.externalDBID=399&rft.externalDocID=EBC6301842_395_399 |
| thumbnail_s | http://utb.summon.serialssolutions.com/2.0.0/image/custom?url=https%3A%2F%2Febookcentral.proquest.com%2Fcovers%2F5587448-l.jpg http://utb.summon.serialssolutions.com/2.0.0/image/custom?url=https%3A%2F%2Febookcentral.proquest.com%2Fcovers%2F6301842-l.jpg |