In what appears to be a joint project, researchers from Microsoft and Intel Labs have run a research experiment that converts malware into images for analysis, with the aim of studying the threats malware poses in more depth.
The partnership centers on a new research project exploring new approaches to detecting and classifying malware.
The project, called "STAMINA" (Static Malware-as-Image Network Analysis), focuses on a novel technique for converting malware samples into grayscale images and then looking for the structural and textural patterns that characterize malware samples in image form. The work was disclosed in a blog post by Marc Marino and Jugal Parikh from the Microsoft Threat Protection Intelligence Team.
According to the joint research team, the process follows a few elementary steps. The first takes an input file and converts its binary form into a stream of raw pixel data. The one-dimensional (1D) pixel stream is then converted into a 2D image so that ordinary image analysis algorithms can analyze it. Microsoft provided a dataset of about 2.2 million infected PE (Portable Executable) file hashes to serve as the basis for the research.
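The byte-to-image steps described above, as an added example that is not the STAMINA code or anything published by Microsoft or Intel. The near-square width rule, the nearest-neighbour resize and the sample bytes are assumptions made for illustration; the page does not say how the researchers chose image dimensions.

```python
import math

def pixel_stream(data):
    """Step 1: every byte (0-255) becomes one grayscale pixel intensity.
    The file is only read as opaque bytes; nothing is parsed or executed."""
    return list(data)

def to_2d(pixels, width=None):
    """Step 2: reshape the 1D stream into rows of `width` pixels.
    Assumption: default width is ceil(sqrt(n)), giving a near-square image."""
    if not pixels:
        raise ValueError("empty input")
    if width is None:
        width = math.isqrt(len(pixels) - 1) + 1
    height = -(-len(pixels) // width)            # ceiling division
    padded = pixels + [0] * (width * height - len(pixels))  # zero-pad last row
    return [padded[r * width:(r + 1) * width] for r in range(height)]

def resize_nearest(img, out_w, out_h):
    """Assumption: image models want a fixed input size, so files of any
    length are scaled to out_w x out_h by nearest-neighbour sampling."""
    in_h, in_w = len(img), len(img[0])
    return [[img[y * in_h // out_h][x * in_w // out_w] for x in range(out_w)]
            for y in range(out_h)]

def to_pgm(img):
    """Serialize as binary PGM (P5) so any image viewer can open the result."""
    header = f"P5\n{len(img[0])} {len(img)}\n255\n".encode("ascii")
    return header + bytes(p for row in img for p in row)

# Constructed sample bytes (not a real executable): a fake "MZ" header,
# a ramp of all byte values repeated three times, and a constant run.
SAMPLE = b"MZ" + bytes(62) + bytes(range(256)) * 3 + b"\xcc" * 100

if __name__ == "__main__":
    img = to_2d(pixel_stream(SAMPLE))
    print(f"{len(SAMPLE)} bytes -> {len(img[0])}x{len(img)} image")
    thumb = resize_nearest(img, 8, 8)
    print(f"model input: {len(thumb[0])}x{len(thumb)}")
    with open("sample.pgm", "wb") as fh:
        fh.write(to_pgm(img))
```

Viewed as an image, the byte ramp appears as repeating gradients and the constant run as a flat band, which is the kind of structural and textural pattern an image classifier can pick up.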
The research team used about 60% of the known malware samples to train the original DNN algorithm, 20% of the files to validate the DNN, and the remaining 20% for the main testing operation. According to the research team, STAMINA attained an accuracy of 99.07% in identifying and classifying malware samples, with a false positive rate of just 2.58%.
The metrics captured include recall at a specific false positive range, accuracy, F1 score, and area under the receiver operating characteristic (ROC) curve.
This collaborative research promotes the use of deep transfer learning for malware classification. More details and technical references on the research are listed in the white paper.