Deep learning for malicious image file detection

US12452297B2 · US · B2

Patent metadata
Publication number: US-12452297-B2
Application number: US-202318199258-A
Country: US
Kind code: B2
Filing date: May 18, 2023
Priority date: May 18, 2023
Publication date: Oct 21, 2025
Grant date: Oct 21, 2025

Abstract

Official abstract text for this publication.

Techniques for using deep learning to identify malicious image files are disclosed. A plurality of sections of a first image are received. The received sections are used to determine a likelihood that the first image is malicious. The determination is made, at least in part, using a model trained using a set of sections extracted from a set of sample images. A verdict is provided for the first image.

First claim

Opening claim text (preview).

What is claimed is:

1. A system, comprising: a processor configured to: receive a plurality of structural sections of a first image file, wherein the plurality of structural sections corresponds to structural elements associated with a file format of the first image file; use the received plurality of structural sections to determine a likelihood that the first image file contains potentially malicious content in at least one of the structural sections, at least in part by using a model trained using a sample set comprising a plurality of previously processed image files, wherein a given image file included in the plurality of previously processed image files was processed at least in part by having a set of sections extracted by an image parser, and wherein the image parser is configured to extract both normal sections and abnormal sections from the given image file, wherein a given abnormal section is one that corresponds to a commonly exploited section; and provide as output a verdict for the first image file; and a memory coupled to the processor and configured to provide the processor with instructions.

2. The system of claim 1, wherein the processor is further configured to parse the first image file to obtain the plurality of sections.

3. The system of claim 1, wherein the plurality of sections includes a reserved section.

4. The system of claim 3, wherein the reserved section includes data appearing after an end marker of the first image file.

5. The system of claim 3, wherein the reserved section includes a malformatted chunk.

6. The system of claim 3, wherein the reserved section includes a private chunk.

7. The system of claim 3, wherein the processor is further configured to assign raw bytes to the reserved section.

8. The system of claim 1, wherein the plurality of sections includes at least one of: a PLTE chunk, an IDAT chunk, or a tEXt chunk.

9. The system of claim 1, wherein the plurality of sections includes at least one of: an APP0 segment, an APP1 segment, or a COM segment.

10. The system of claim 1, wherein the model is a hierarchical convolutional neural network model.

11. The system of claim 1, wherein the processor is configured to receive the first image file over a network and from a data appliance.

12. The system of claim 1, wherein the processor is further configured to train the model.

13. A method, comprising: receiving a plurality of structural sections of a first image file, wherein the plurality of structural sections correspond to structural elements associated with a file format of the first image file; using the received plurality of structural sections to determine a likelihood that the first image file contains potentially malicious content in at least one of the structural sections, at least in part by using a model trained using a sample set comprising a plurality of previously processed image files, wherein a given image file included in the plurality of previously processed image files was processed at least in part by having a set of sections extracted by an image parser, and wherein the image parser is configured to extract both normal sections and abnormal sections from the given image file, wherein a given abnormal section is one that corresponds to a commonly exploited section; and providing as output a verdict for the first image file.

14. A computer program product embodied in a non-transitory computer readable medium and comprising computer instructions for: receiving a plurality of structural sections of a first image file, wherein the plurality of structural sections correspond to structural elements associated with a file format of the first image file; using the received plurality of structural sections to determine a likelihood that the first image file contains potentially malicious content in at least one of the structural sections, at least in part by using a model trained using a sample set comprising a plurality of previously processed image files, wherein a given image file included in the plurality of previously processed image files was processed at least in part by having a set of sections extracted by an image parser, and wherein the image parser is configured to extract both normal sections and abnormal sections from the given image file, wherein a given abnormal section is one that corresponds to a commonly exploited section; and providing as output a verdict for the first image file.

15. The method of claim 13, further comprising parsing the first image file to obtain the plurality of sections.

16. The method of claim 13, wherein the plurality of sections includes a reserved section.

17. The method of claim 16, wherein the reserved section includes data appearing after an end marker of the first image file.

18. The method of claim 16, wherein the reserved section includes a malformatted chunk.

19. The method of claim 16, wherein the reserved section includes a private chunk.

20. The method of claim 16, further comprising assigning raw bytes to the reserved section.

21. The method of claim 13, wherein the plurality of sections includes at least one of: a PLTE chunk, an IDAT chunk, or a tEXt chunk.

22. The method of claim 13, wherein the plurality of sections includes at least one of: an APP0 segment, an APP1 segment, or a COM segment.

23. The method of claim 13, wherein the model is a hierarchical convolutional neural network model.

24. The method of claim 13, wherein the processor is first image file is received over a network and from a data appliance.

25. The method of claim 13, further comprising training the model.
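
The section extraction that claims 2 to 8 describe for PNG input can be sketched as below. This is an added example, not code from the patent or its assignee. It covers PNG only, and the function names, the reason labels ("malformed", "private", "trailing") and the reading of "private chunk" as the PNG private bit (lowercase second letter of the chunk type) are assumptions. The sample file is constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data):
    """Build a well-formed chunk; used only to construct the sample below."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def split_sections(blob):
    """Group PNG bytes by chunk type, routing abnormal bytes to 'reserved'."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("missing PNG signature")
    sections = {"reserved": []}  # list of (reason, raw bytes)
    pos = len(PNG_SIG)
    while pos < len(blob):
        header = blob[pos:pos + 8]
        length, ctype = struct.unpack(">I4s", header.ljust(8, b"\x00"))
        end = pos + 12 + length
        if len(header) < 8 or end > len(blob) or not ctype.isalpha():
            # Truncated header, length past EOF, or non-letter type: keep the raw tail.
            sections["reserved"].append(("malformed", blob[pos:]))
            break
        data = blob[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            sections["reserved"].append(("malformed", blob[pos:end]))
        elif ctype[1:2].islower():  # PNG private bit: lowercase second letter
            sections["reserved"].append(("private", blob[pos:end]))
        else:
            sections.setdefault(ctype.decode("ascii"), []).append(data)
        pos = end
        if ctype == b"IEND":
            if pos < len(blob):  # anything after the end marker
                sections["reserved"].append(("trailing", blob[pos:]))
            break
    return sections

def build_sample():
    """Constructed 1x1 greyscale PNG with three abnormal regions added."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    bad = bytearray(make_chunk(b"tEXt", b"Comment\x00hi"))
    bad[-1] ^= 0xFF  # corrupt the CRC
    return (PNG_SIG + make_chunk(b"IHDR", ihdr) + make_chunk(b"tEXt", b"Title\x00demo")
            + make_chunk(b"prVt", b"vendor-data") + bytes(bad)
            + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + make_chunk(b"IEND", b"") + b"appended bytes")
```

Calling split_sections(build_sample()) returns the well-formed IHDR, tEXt, IDAT and IEND payloads under their own keys, and the private chunk, the CRC-damaged chunk and the bytes after IEND as raw bytes under "reserved".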

Assignees

Inventors

Classifications

  • Combinations of networks · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • Learning methods · CPC title

  • H04L63/145 · Primary

    the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Palo Alto Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/145. Mapped technology areas include Electricity.
When was this patent published?
Publication date Oct 21, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).