Use of Multi-CNNs for Section Analysis in Static Malware Detection

Quertier, Tony; Barrué, Grégoire

arXiv.org Artificial Intelligence 

Static analysis is a fundamental step in malware detection, as it is the first line of defense. It provides a quick, preliminary indication of the nature of a binary file without executing it on the machine. Many techniques exist for this, of varying sophistication. Current anti-virus technologies use a signature-based approach, where a signature is a set of rules that attempts to identify whether the binary is malware. These rules are generally specific and usually cannot recognize new malware, so researchers have turned to artificial intelligence to improve the detection of new malware [1, 2, 3]. There are many ways of approaching the subject, depending on the preprocessing chosen. For example, it is possible to learn from features extracted from binary semantic and statistical data [4], to use language processing elements [5], or even to use convolutional neural networks (CNNs) [6, 7]. In this article, we propose not only to improve the detection rate using multiple CNNs, but also to provide better explainability of the results.