Microsoft and Intel are working on a project that converts malware into images for easier...

Shawn Knight

Posts: 12,297   +120
Staff member

Building on an earlier joint effort, the two are now attempting to tackle malware classification as a computer vision task through an approach known as static malware-as-image network analysis (STAMINA). By plotting malware binaries as grayscale images, textural and structural patterns can be analyzed and identified as either benign or malicious.

To do this, malware binaries were converted into two-dimensional images which involved pixel conversion, reshaping and resizing. Each byte was given a value between 0 and 255, corresponding to pixel intensity. The file size was then used to determine the width and height of an image, transforming it into a two-dimensional picture.

Across 2.2 million portable executable (PE) binaries (temporally split 60:20:20 for training, validation and testing), the approach achieved a recall of 87.05 percent at 0.1 percent false positive rate and 99.66 percent recall and 99.07 percent accuracy at 2.58 false positive rate overall.

For more complex threats, static analysis can be used in conjunction with dynamic and behavior analysis to build even more comprehensive threat detection systems.

Masthead credit: Yuttanas

Permalink to story.

 

Eldritch

Posts: 206   +227
My understanding is this :
Normally to detect threats we can analyze the entire code, do code emulation or do hash checks to determine if something is a threat.

Now hash checks are extremely fast but even a single byte here or there will create a new hash. So they basically created an image and anything that generally resembles the image (means it can be little bit different) will be subjected to much more stricter analysis.