pith. sign in

arxiv: 1710.09435 · v1 · pith:EIKXPEESnew · submitted 2017-10-25 · 📊 stat.ML · cs.CR· cs.LG

Malware Detection by Eating a Whole EXE

classification 📊 stat.ML cs.CRcs.LG
keywords problembuildingdetectionworkchallengeslearningmalwarenetwork
0
0 comments X
read the original abstract

In this work we introduce malware detection from raw byte sequences as a fruitful research area to the larger machine learning community. Building a neural network for such a problem presents a number of interesting challenges that have not occurred in tasks such as image processing or NLP. In particular, we note that detection from raw bytes presents a sequence problem with over two million time steps and a problem where batch normalization appear to hinder the learning process. We present our initial work in building a solution to tackle this problem, which has linear complexity dependence on the sequence length, and allows for interpretable sub-regions of the binary to be identified. In doing so we will discuss the many challenges in building a neural network to process data at this scale, and the methods we used to work around them.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 8 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Large Byte Model: Teaching Language Models About Compiled Code

    cs.CR 2026-06 unverdicted novelty 7.0

    Presents a byte-native LLM with bespoke tokenizer achieving 69-98% accuracy on malware family and architecture classification from raw bytes.

  2. Quantifiable Uncertainty: A Stochastic Consensus Multi-Agent RAG Framework for Robust Malware Detection

    cs.CR 2026-05 unverdicted novelty 7.0

    MAGMA combines RAG with a stochastic consistency ensemble over dual code embeddings to derive Function Evidence Strength and Evidence Conflict Score metrics, enabling reject-option decisions and achieving 98.4% malwar...

  3. Trident: Improving Malware Detection with LLMs and Behavioral Features

    cs.CR 2026-04 unverdicted novelty 6.0

    Trident combines static decision trees, LLM-generated behavioral rules from sandbox reports, and direct LLM analysis via majority voting to outperform static methods while resisting concept drift without retraining.

  4. Adversarial Malware Generation in Linux ELF Binaries via Semantic-Preserving Transformations

    cs.CR 2026-04 unverdicted novelty 6.0

    A new adversarial generator for Linux ELF malware achieves 67.74% evasion against MalConv by inserting benign-like strings, with the detector showing mean confidence drop of 0.50.

  5. Building an Adversarial Malware Dataset by Family and Type: Generation, Evasion, and Poisoning Evaluation

    cs.CR 2026-05 unverdicted novelty 5.0

    The paper releases two adversarial malware datasets (44k family-labelled, 33k type-labelled) with high evasion rates and demonstrates that 0.5% poisoning injection raises evasion from 26.1% to 92.8%.

  6. Towards Certified Malware Detection: Provable Guarantees Against Evasion Attacks

    cs.CR 2026-04 unverdicted novelty 5.0

    A randomized smoothing framework with feature ablation and Wilson score intervals provides formal certificates guaranteeing malware classifier robustness within a perturbation radius.

  7. Explainability-Guided Adversarial Attacks on Transformer-Based Malware Detectors Using Control Flow Graphs

    cs.CR 2026-04 unverdicted novelty 5.0

    An explainability-guided attack perturbs key function calls in linearized CFGs to evade transformer malware detectors on Windows PE datasets.

  8. Cybersecurity is the True Frontier for Generative AI Success or Failure

    cs.CR 2026-06 unverdicted novelty 3.0

    Cybersecurity's scale, adversaries, labeling issues, and operational demands make it the superior test-case for general AI progress over NLP or computer vision.