Microsoft and Intel turn malware into images

Researchers from Microsoft's Threat Protection Intelligence team and Intel Labs have teamed up on a research project that takes a new approach to detecting and classifying malware. The project, called Static Malware Network Analysis as Image (STAMINA), converts malware samples into grayscale images, which are then analyzed for texture and structure patterns specific to known malware samples. In the first part of their collaboration, the researchers built on Intel's previous work on deep transfer learning for static malware classification and used an actual data set from Microsoft to better understand the practical value of approaching malware classification as a computer vision task. The STAMINA approach argues that malware can be classified at scale by performing static analysis on malware code represented as images.

Convert malware to images

The researchers first prepared the malicious binaries by converting them into two-dimensional images through pixel conversion, reshaping, and resizing. Each binary was converted to a one-dimensional sequence of pixels by assigning each byte a value between 0 and 255 that corresponded to the pixel's intensity. Each pixel stream was then reshaped into a two-dimensional image, using the file size to determine the image's width and height. The resized images were fed into a pre-trained deep neural network (DNN) that analyzed the 2D representations of the malware strains and classified them as clean or infected.

To provide the basis for the investigation, Microsoft provided a sample of 2.2 million infected Portable Executable (PE) file hashes. The Microsoft and Intel researchers used 60% of the known malware samples to train the original DNN, 20% of the files to validate it, and the remaining 20% for the actual testing process. According to the research team, STAMINA achieved a 99.07% accuracy rate in identifying and classifying malware samples, with a false positive rate of only 2.58%. STAMINA is accurate and fast when working with smaller files, although it falters when working with larger images. Based on the project's success in identifying malware, Microsoft may one day use STAMINA to detect malware on Windows PCs or even in its Windows Defender antivirus software.

via ZDNet
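The conversion steps described above (byte to pixel, reshape by file size, resize), sketched as an added example; this is not code from the Microsoft or Intel researchers. The size-to-width table, the nearest-neighbour resize, the 16x16 target and the sample bytes are all assumptions made for illustration.

```python
import math

# Assumed file-size -> width thresholds (bytes, width); the article gives no table.
WIDTH_BY_SIZE = [(10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128),
                 (100 * 1024, 256), (200 * 1024, 384), (500 * 1024, 512),
                 (1000 * 1024, 768)]
MAX_WIDTH = 1024

def pick_width(size: int) -> int:
    """Choose the image width from the file size (hypothetical thresholds)."""
    for limit, width in WIDTH_BY_SIZE:
        if size < limit:
            return width
    return MAX_WIDTH

def to_image(data: bytes) -> list[list[int]]:
    """Treat each byte as a 0-255 intensity and reshape the 1D stream into rows."""
    if not data:
        raise ValueError("empty file: nothing to convert")
    width = pick_width(len(data))
    height = math.ceil(len(data) / width)
    padded = data.ljust(width * height, b"\x00")  # zero-pad the last row
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]

def resize_nearest(img: list[list[int]], out_w: int, out_h: int) -> list[list[int]]:
    """Nearest-neighbour resize to the fixed input size a DNN expects."""
    in_h, in_w = len(img), len(img[0])
    return [[img[y * in_h // out_h][x * in_w // out_w] for x in range(out_w)]
            for y in range(out_h)]

def to_pgm(img: list[list[int]]) -> bytes:
    """Serialize as binary PGM (P5) so the texture can be opened in a viewer."""
    header = f"P5\n{len(img[0])} {len(img)}\n255\n".encode("ascii")
    return header + b"".join(bytes(row) for row in img)

# Constructed, benign sample (not a real executable): two header bytes, a zero
# region, a repeating 0..255 ramp and a 0xff run, to give visibly distinct bands.
SAMPLE = b"MZ" + bytes(510) + bytes(range(256)) * 6 + b"\xff" * 100

if __name__ == "__main__":
    image = to_image(SAMPLE)
    small = resize_nearest(image, 16, 16)
    print(len(image[0]), "x", len(image), "->", len(small[0]), "x", len(small))
    print(len(to_pgm(image)), "bytes of PGM")
```

Regions with different byte statistics (zero padding, structured data, constant fill) show up as distinct horizontal bands, which is the texture the classifier learns from.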