
Interpretable Detection of Malicious Behavior in Windows Portable Executables Using Multi-Head 2D Transformers

Authors: Sohail Khan, Mohammad Nauman

Affiliation: Computer Science Department, Effat College of Engineering, Effat University, Jeddah 23341, Kingdom of Saudi Arabia

Publication: Big Data Mining and Analytics (published in English)

Year, volume, issue: 2024, Vol. 7, No. 2

Pages: 485-499

Subject classification: 0710 [Science - Biology]; 07 [Science]; 071007 [Science - Genetics]

Keywords: machine learning; malware; vision transformers; Windows Portable Executable (PE)

Abstract: Windows malware is becoming an increasingly pressing problem as the amount of malware continues to grow and more sensitive information is stored on *** of the major challenges in tackling this problem is the complexity of malware analysis, which requires expertise from human *** developments in machine learning have led to the creation of deep models for malware ***, these models often lack transparency, making it difficult to understand the reasoning behind the model's decisions, otherwise known as the black-box *** address these limitations, this paper presents a novel model for malware detection, utilizing vision transformers to analyze the Operation Code (OpCode) sequences of more than 350000 Windows portable executable malware samples from real-world *** model achieves a high accuracy of 0.9864, not only surpassing the previous results but also providing valuable insights into the reasoning behind the *** model is able to pinpoint specific instructions that lead to malicious behavior in malware samples, aiding human experts in their analysis and driving further advancements in the *** report our findings and show how causality can be established between malicious code and actual classification by a deep learning model, thus opening up this black-box problem for deeper analysis.
