Accession Number:



Unsupervised Learning of Library Routines to Predict Function

Personal Author(s):

Corporate Author:

CCDC Army Research Laboratory Aberdeen Proving Ground, United States

Report Date:



Since malware is a constantly evolving threat, it requires significant expertise to detect, identify, and mitigate. We postulate that deep learning can be adapted to this problem domain to provide automated analysis of arbitrary binary code to aid cyber analysts in the identification of functional components. As a proof-of-concept, we trained a convolutional auto encoder to reproduce various fields of the disassembled binaries of standard Linux libraries. We then performed clustering on the bottleneck layer to identify possible clusters of similarity among the various routines. Our spot check of 100 routines suggests that deep learning may indeed be useful for routine classification. However, further network-topology refinement and a concerted ground-truth labelling effort will be required to yield a production-level analytical tool.

Descriptive Note:

Technical Report,01 Oct 2018,31 Aug 2019



Communities Of Interest:

Modernization Areas:

Distribution Statement:

Approved For Public Release;

File Size: