VMware, Inc.
SYSTEMS AND METHODS FOR CLASSIFYING MALWARE BASED ON FEATURE REUSE

Abstract:

Systems and methods for classifying malware based on the frequency of feature reuse are provided. The system can identify a malicious feature frequency, a benign feature frequency, and a first weight value. The system can generate a first reuse vector based on the malicious feature frequency and the benign feature frequency. The system can determine that a training binary associated with a known classification includes the first feature and a second feature, the second feature associated with a second reuse vector and a second weight value. The system can construct, responsive to the determination that the first binary includes the first feature and the second feature, a reuse tensor using the first reuse vector, the second reuse vector, the first weight value, and the second weight value. The system can train a malware classification model using the reuse tensor and the known classification associated with the training binary.