DID YOU KNOW? DTIC has over 3.5 million final reports on DoD funded research, development, test, and evaluation activities available to our registered users. Click
HERE to register or log in.
Accession Number:
AD1081619
Title:
Unsupervised Learning of Library Routines to Predict Function
Descriptive Note:
Technical Report,01 Oct 2018,31 Aug 2019
Corporate Author:
CCDC Army Research Laboratory Aberdeen Proving Ground, United States
Report Date:
2019-09-25
Pagination or Media Count:
21.0
Abstract:
Since malware is a constantly evolving threat, it requires significant expertise to detect, identify, and mitigate. We postulate that deep learning can be adapted to this problem domain to provide automated analysis of arbitrary binary code to aid cyber analysts in the identification of functional components. As a proof-of-concept, we trained a convolutional auto encoder to reproduce various fields of the disassembled binaries of standard Linux libraries. We then performed clustering on the bottleneck layer to identify possible clusters of similarity among the various routines. Our spot check of 100 routines suggests that deep learning may indeed be useful for routine classification. However, further network-topology refinement and a concerted ground-truth labelling effort will be required to yield a production-level analytical tool.
Distribution Statement:
APPROVED FOR PUBLIC RELEASE
