English

Malware Detection by Eating a Whole EXE

Machine Learning 2017-10-27 v1 Cryptography and Security Machine Learning

Abstract

In this work we introduce malware detection from raw byte sequences as a fruitful research area to the larger machine learning community. Building a neural network for such a problem presents a number of interesting challenges that have not occurred in tasks such as image processing or NLP. In particular, we note that detection from raw bytes presents a sequence problem with over two million time steps and a problem where batch normalization appear to hinder the learning process. We present our initial work in building a solution to tackle this problem, which has linear complexity dependence on the sequence length, and allows for interpretable sub-regions of the binary to be identified. In doing so we will discuss the many challenges in building a neural network to process data at this scale, and the methods we used to work around them.

Cite

@article{arxiv.1710.09435,
  title  = {Malware Detection by Eating a Whole EXE},
  author = {Edward Raff and Jon Barker and Jared Sylvester and Robert Brandon and Bryan Catanzaro and Charles Nicholas},
  journal= {arXiv preprint arXiv:1710.09435},
  year   = {2017}
}
R2 v1 2026-06-22T22:25:52.175Z