Abstract: Human-readable (HR) code may be derived from a binary. The HR code may be configured to have statistical properties suitable for machine-learned (ML) translation. The HR code may comprise source code, intermediate code, assembly code, or the like. A machine-learned translator may be configured to translate the HR code into labels comprising semantic information pertaining to respective functions of the binary, such as a function name, role, or the like. Execution of the binary may be blocked in response to translating the HR code to a label associated with malware, such as cryptocurrency mining malware or the like. Conversely, the binary may be permitted to proceed to execution in response to determining that the translation is free from labels indicative of malware.

Abstract: Network systems, classification methods, and related apparatuses for security analyses of electronic messages are disclosed. An apparatus includes an input terminal to receive message data corresponding to an electronic message to be delivered to a destination device and processing circuitry. The processing circuitry is configured to, if the electronic message includes an attached file, disassemble the attached file to obtain assembly code from the attached file. The processing circuitry is also configured to translate the assembly code to generate function labels corresponding to functions the assembly code is configured to instruct the destination device to perform. The processing circuitry is further configured to classify the electronic message as anomalous responsive to one or more of the generated function labels being identified as suspicious.

Abstract: Network security and related apparatuses, methods, and security systems are disclosed. An apparatus includes a variational autoencoder trained to reconstruct a benign packet flow representation of a benign packet flow corresponding to a benign stream of packets. The processing circuitry is configured to apply a packet flow representation of a packet flow corresponding to a received stream of packets to the variational autoencoder to generate a reconstructed packet flow representation. The packet flow representation includes one or more of a determined transfer entropy corresponding to the received stream of packets, flow derived metadata, or a Granger causality of the packet flow. The processing circuitry is also configured to determine a reconstruction loss of the reconstructed packet flow representation and determine whether the received stream of packets is anomalous responsive to the determined reconstruction loss.

Abstract: Human-readable (HR) code may be derived from a binary. The HR code may be configured to have statistical properties suitable for machine-learned (ML) translation. The HR code may comprise source code, intermediate code, assembly code, or the like. A machine-learned translator may be configured to translate the HR code into labels comprising semantic information pertaining to respective functions of the binary, such as a function name, role, or the like. Execution of the binary may be blocked in response to translating the HR code to a label associated with malware, such as cryptocurrency mining malware or the like. Conversely, the binary may be permitted to proceed to execution in response to determining that the translation is free from labels indicative of malware.