
Early Stage Malware Prediction Using Recurrent Neural Networks

Computers & Security (Comput. Secur.), 2017
Abstract

Certain malware variants, such as ransomware, highlight the importance of detecting malware prior to the execution of the malicious payload. Static code analysis can be vulnerable to obfuscation techniques. Behavioural data collected during file execution is more difficult to obfuscate, but typically takes a long time to capture. In this paper we investigate the possibility of predicting whether or not an executable is malicious. We use sequential dynamic data and find that an ensemble of recurrent neural networks is able to predict whether an executable is malicious or benign within the first 4 seconds of execution with 93% accuracy. This is the first time a file has been predicted to be malicious during its execution rather than using the complete log file post-execution.
