Multi-Head Attention Based Malware Detection with Byte-Level Representation

Machine learning (ML)-based malware detection plays a crucial role in cyber-security by enabling the identification of potential malware threats without relying solely on predefined signatures or rules. Conventional ML approaches require a feature engineering step to analyze and convert collected data (e.g., captured network traffic and malware programs) into a format suitable for model training and prediction. However, this particular step typically requires a considerable depth of domain-specific expertise and also adds additional complexity to the learning process. To mitigate this limitation, we propose to perform malware detection directly based on the byte-level representation of malware data. We employ a byte embedding layer to convert byte sequences into higher-dimension representations. Then, we employ the multi-head attention technique to capture their correlation before forwarding the output to a fully connected deep neural network for malware detection. Extensive experiments on multiple datasets with diverse file formats demonstrated the superior performance of our proposed method. Additionally, we performed an ablation study on the role of the byte-embedding layer to show that our approach does not depend on a high embedding dimension for strong predictive performance, which helps reduce training complexity.