DAEMON: Dataset/Platform-Agnostic Explainable Malware Classification Using Multi-Stage Feature Mining

Numerous metamorphic and polymorphic malicious variants are generated automatically on a daily basis by mutation engines that transform the code of program while retaining its functionality, in order to evade signature-based detection. These automatic processes have greatly increased number malware variants, deeming their fully-manual analysis impossible. Malware classification is task determining which family new variant belongs. Variants same show similar behavioral patterns. Thus, classifying newly discovered programs applications helps assess risks they pose. Moreover, facilitates should undergo manual security expert, determine whether belong (e.g., one whose members exploit zero-day vulnerability) or simply result concept drift within known family. This motivated intense research recent years devising high-accuracy tools for classification. In this work, we present DAEMON - novel dataset-agnostic classifier. A key property type features it uses manner mined facilitate understanding distinctive behavior families, making decisions explainable. We've optimized using large-scale dataset x86 binaries, belonging mix several families targeting computers running Windows. We then re-trained applied it, without any algorithmic change, feature re-engineering parameter tuning, two other datasets Android consisting numerous families. obtained highly accurate results all datasets, establishing also platform-agnostic.