Existing research on malware detection focuses almost exclusively on the detection rate. However, in some cases, it is also important to understand the results of our algorithm, or to obtain more information, such as where to investigate in the file for an analyst. In this aim, we propose a new model to analyze Portable Executable files. Our method consists in splitting the files in different sections, then transform each section into an image, in order to train convolutional neural networks to treat specifically each identified section. Then we use all these scores returned by CNNs to compute a final detection score, using models that enable us to improve our analysis of the importance of each section in the final score.

翻译：现有恶意软件检测研究几乎完全聚焦于检测率。然而在某些场景下，理解算法的检测结果或获取更多信息（例如分析人员应重点审查文件中的哪些部分）同样至关重要。为此，我们提出一种分析可移植可执行文件的新模型。该方法首先将文件分割为不同节，随后将每个节转换为图像，训练卷积神经网络分别处理各识别节。最终通过整合各CNN返回的分数，利用可增强各节对最终检测分数重要性分析能力的模型，计算综合检测得分。