System and method for malware containment
US-9071638-B1 · Jun 30, 2015 · US
US11108809B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11108809-B2 |
| Application number | US-201715796680-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 27, 2017 |
| Priority date | Oct 27, 2017 |
| Publication date | Aug 31, 2021 |
| Grant date | Aug 31, 2021 |
Official abstract text for this publication.
A system for detecting whether a file including content is associated with a cyber-attack is described. The content may include an executable file, for example. The system includes an intelligence-driven analysis subsystem and a computational analysis subsystem. The intelligence-driven analysis subsystem is configured to (i) receive the file, (ii) inspect and compute features of the file for indicators associated with a cyber-attack, and (iii) produce a first output representing the detected indicators. The computational analysis subsystem includes an artificial neural network configured to (i) receive a network input being a first representation of at least one section of binary code from the file, and (ii) process the first representation of the section to produce a second output. The first output and the second output are used in determining a classification assigned to the file.
Opening claim text (preview).
What is claimed is:

1. A system, implemented with at least one processor and at least one memory including software that, when executed by the at least one processor, detects whether an executable file is associated with a cyber-attack, the system comprising: a pre-processor configured to (i) select a section of binary code, included as part of the executable file and corresponding to executable machine code, in lieu of a disassembled version of the binary code, and (ii) generate a first representation of the section of the binary code; a deep neural network including a convolutional neural network communicatively coupled to the pre-processor, the convolutional neural network (CNN) being configured to process a CNN input, being the first representation of the section of the binary code, by at least applying a plurality of weighting operations executing a programmatic function on the first representation to produce a CNN output, the convolutional neural network being further configured to identify patterns in the first representation operating as the CNN input and to produce the CNN output; a classifier communicatively coupled to the convolutional neural network, the classifier being configured to (i) receive the CNN output including one or more patterns for use in determining whether the first representation is associated with a cyber-attack, (ii) receive an output from an intelligence-driven analysis subsystem operating concurrently with the deep neural network, wherein the output is based on static analysis of the executable file, and (iii) determine a classification assigned to the file based, at least in part, on a threat score generated based on the received CNN output from the convolutional neural network; and a message generator configured to generate a message in response to determining the classification of the executable file as being associated with a cyber-attack.

2. The system of claim 1, wherein the pre-processor separates the section of the binary code into a first subsection and a second subsection, each of the first and second subsections having corresponding first representations processed separately by the convolutional neural network to generate the CNN output provided to the classifier, and the classifier determines a classification of the executable file based on both of the corresponding CNN outputs.

3. The system of claim 1, wherein the executable file comprises a Portable Executable (PE) file.

4. The system of claim 3, wherein the section of the binary code comprises a predetermined number of bytes from one of a starting location of the PE file or an offset from the starting location of the PE file.

5. The system of claim 1, being communicatively coupled to the intelligence-driven analysis subsystem and a post-analysis subsystem, wherein: the intelligence-driven analysis subsystem is to (i) receive the executable file, (ii) inspect the executable file for indicators associated with a cyber-attack, and (iii) produce a second output representing features associated with the detected indicators; and the post-analysis subsystem is to receive the second output from the intelligence-driven analysis subsystem and the received CNN output from the convolutional neural network, the post-analysis subsystem including the classifier.

6. The system of claim 5, wherein the post-analysis subsystem includes grouping logic to concatenate information associated with the received second output and the received CNN output, and the classifier, communicatively coupled to the grouping logic, receives a representation of the concatenated information and determines the classification assigned to the executable file based, at least in part, on the threat score generated from the representation of the concatenated information.

7. The system of claim 1, wherein the pre-processor selects the section of the binary code as comprising either (i) the binary code in its entirety when the binary code has a length less than a first number of bytes, or (ii) a portion of the binary code less than the binary code in its entirety when the binary code has a length greater than the first number of bytes, the portion of the binary code being a fixed number of bytes.

8. The system of claim 7, wherein, responsive to the binary code having a length greater than the first number of bytes, the pre-processor selects the fixed number of bytes as the code section, the fixed number of bytes comprising either (i) the fixed number of contiguous bytes within the binary code, or (ii) a first number of bytes and a second number of bytes non-contiguous from the first number of bytes, collectively forming the fixed number of bytes.

9. The system of claim 1, wherein the pre-processor separates the binary code into one or more code sections of the binary code along a predefined format for the executable file in accordance with an applicable specification, the one or more code sections including the section of binary code.

10. The system of claim 9, wherein the predefined format is that of a Portable Executable (PE) file.

11. The system of claim 1, being implemented as an endpoint device including the at least one processor and the at least one memory including remediation logic, wherein the remediation logic prevents execution of the executable file by the at least one processor upon receiving the message from the message generator.

12. The system of claim 1, wherein the convolutional neural network operates directly on the section of the binary code without disassembly of the binary code.

13. The system of claim 1, wherein the convolutional neural network comprises a plurality of convolutional layers including a first convolutional layer that receives the first representation, one or more intermediary layers, and an output layer that generates the CNN output.

14. The system of claim 13, wherein the one or more intermediary layers comprise one or more pooling layers including a first pooling layer configured to perform a nonlinear down-sampling on a layer output from a preceding one of the plurality of convolutional layers to produce a representation compressed relative to the layer output.

15. The system of claim 14, wherein the pre-processor further comprises pre-processing logic and encoding logic communicatively coupled to the first convolutional layer of the convolutional neural network, the pre-processing logic and the encoding logic receiving the section of the binary code and transforming the section of the binary code into a matrix-based format for processing by the first convolutional layer.

16. The system of claim 15, wherein the classifier comprises a logistic function that generates the threat score.

17. The system of claim 1, wherein the classifier further includes concatenation logic and a score generator, and wherein the concatenation logic of the classifier is communicatively coupled to the intelligence-driven analysis subsystem, the intelligence-driven analysis subsystem being configured to (i) receive the executable file, and (ii) operate concurrently with the deep neural network to detect static features associated with a cyber-attack in the executable file; and the score generator of the classifier assigns the threat score based on a concatenation, produced by the concatenation logic, of the detected static features provided by the intelligence-driven analysis subsystem and the CNN output provided by the convolutional neural network.

18. The system of claim 17, wherein the concatenation logic of the classifier provides the detected features in a representation having a format as used by the CNN output provided by the convolutional n
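The pre-processor described in claims 4, 7, 8, 9 and 15 (walk the PE section table to find executable code, take a fixed-size slice of the raw bytes rather than a disassembly, and encode the slice as a matrix for the first convolutional layer) is concrete enough to show in code. The following is an added Python illustration written for this page; it is not code from the patent or its assignee. FIXED_LEN and ROW_WIDTH are arbitrary assumed sizes, the sample PE is constructed here with a minimal header (no optional header), and the head-plus-tail split is only one of the non-contiguous choices claim 8 allows. The section-header layout and flag values are those of the PE/COFF specification.

```python
"""Pre-processing stage from the claims: locate executable code in a PE file,
take a fixed-length slice of its raw bytes (no disassembly), and fold the
slice into a matrix for a CNN.  Added illustration, not the patent's code."""
import struct

FIXED_LEN = 64     # assumed "first number of bytes" / fixed section size
ROW_WIDTH = 8      # assumed width of the matrix handed to the first conv layer

# Real IMAGE_SECTION_HEADER layout (40 bytes) and section characteristic flags.
SECTION_HDR = "<8sIIIIIIHHI"
SCN_CNT_CODE = 0x00000020
SCN_MEM_EXECUTE = 0x20000000


def pe_sections(data: bytes) -> list:
    """Parse the section table; return (name, raw offset, raw size, flags) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_hdr_size          # section table follows the optional header
    sections = []
    for i in range(n_sections):
        f = struct.unpack_from(SECTION_HDR, data, table + 40 * i)
        name, raw_size, raw_ptr, flags = f[0], f[3], f[4], f[9]
        if raw_ptr + raw_size > len(data):     # truncated/malformed file: refuse rather than over-read
            raise ValueError("section %r runs past end of file" % name)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size, flags))
    return sections


def code_bytes(data: bytes) -> bytes:
    """Raw bytes of every section flagged as code or executable (claim 9)."""
    return b"".join(data[off:off + size] for _n, off, size, flags in pe_sections(data)
                    if flags & (SCN_CNT_CODE | SCN_MEM_EXECUTE))


def select_section(code: bytes, fixed_len: int = FIXED_LEN, offset: int = 0) -> bytes:
    """Claims 4/7/8(i): whole code when it fits in fixed_len, otherwise fixed_len
    contiguous bytes from `offset`; the window slides back if it would overrun."""
    if len(code) <= fixed_len:
        return code
    offset = max(0, min(offset, len(code) - fixed_len))
    return code[offset:offset + fixed_len]


def select_split_section(code: bytes, fixed_len: int = FIXED_LEN, head: int = FIXED_LEN // 2) -> bytes:
    """Claim 8(ii), assumed split: `head` bytes from the start plus enough bytes
    from the end that the two non-contiguous pieces total fixed_len."""
    if len(code) <= fixed_len:
        return code
    return code[:head] + code[len(code) - (fixed_len - head):]


def encode_matrix(section: bytes, fixed_len: int = FIXED_LEN, width: int = ROW_WIDTH) -> list:
    """Claim 15: scale bytes to [0, 1], zero-pad to fixed_len, fold into rows of `width`."""
    if len(section) > fixed_len:
        raise ValueError("section longer than fixed_len")
    values = [b / 255.0 for b in section + b"\0" * (fixed_len - len(section))]
    return [values[r:r + width] for r in range(0, fixed_len, width)]


def build_sample_pe(text: bytes, data: bytes) -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header with no
    optional header, two section headers, then the raw section bytes."""
    hdr_len = 64 + 4 + 20 + 2 * 40
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)  # AMD64, 2 sections
    text_hdr = struct.pack(SECTION_HDR, b".text", len(text), 0x1000, len(text), hdr_len,
                           0, 0, 0, 0, SCN_CNT_CODE | SCN_MEM_EXECUTE | 0x40000000)
    data_hdr = struct.pack(SECTION_HDR, b".data", len(data), 0x2000, len(data),
                           hdr_len + len(text), 0, 0, 0, 0, 0x40 | 0x40000000 | 0x80000000)
    return dos + b"PE\0\0" + coff + text_hdr + data_hdr + text + data


# Constructed filler standing in for machine code; not real instructions.
TEXT_BYTES = bytes((i * 37) % 256 for i in range(96))
SAMPLE_PE = build_sample_pe(TEXT_BYTES, b"\0" * 32)

if __name__ == "__main__":
    code = code_bytes(SAMPLE_PE)
    print("code bytes:", len(code), "contiguous slice:", len(select_section(code)),
          "split slice:", len(select_split_section(code)))
    print("matrix rows:", len(encode_matrix(select_section(code))))
```

A short file (claim 7(i)) goes through unchanged and is padded inside `encode_matrix`, so the CNN always sees the same fixed shape; the overrun check in `pe_sections` is the place a defender should expect adversarial inputs, since a section header that points past the end of the file is a common way malformed samples break naive loaders.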
Convolutional networks [CNN, ConvNet] · CPC title
Supervised learning · CPC title
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title
Test or assess software · CPC title
the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title