Microsoft and Intel will make it easier to identify malware by converting it into images

Specialists from Microsoft and Intel are jointly developing a new method for identifying malicious software. The method is based on deep learning and on representing malware as grayscale images.

The source reports that Microsoft researchers from the Threat Defense Intelligence Group are working with colleagues from Intel to explore the possibility of using deep learning to combat malware. The system being developed is called STAtic Malware-as-Image Network Analysis, or STAMINA. The system processes binary malware files presented in the form of monochrome images. The researchers found that such images of malware from the same family have structural similarities, which means that the texture and structural patterns of an image can be analyzed to identify a file as benign or malicious.

Transforming binary files into images begins by assigning each byte a value from 0 to 255, corresponding to the color intensity of a pixel. The resulting pixels are then arranged in two dimensions, a width and a height, and the file size is used to determine the width and height of the final image. The researchers then used machine learning technologies to create a malware classifier that is used in the analysis process.
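
The conversion step described above, as an added example that is not STAMINA's own code. The article gives no thresholds, so the size-to-width table below is an assumption, and the function names are hypothetical.

```python
import math

# Assumed size-to-width table (upper bound in KiB, width in pixels).
# Illustrative values only: the article does not state the thresholds.
WIDTH_BY_SIZE_KIB = [(10, 32), (30, 64), (60, 128), (100, 256),
                     (200, 384), (500, 512), (1000, 768)]
MAX_WIDTH = 1024


def image_width(n_bytes):
    """Choose the image width from the file size."""
    kib = n_bytes / 1024
    for limit, width in WIDTH_BY_SIZE_KIB:
        if kib < limit:
            return width
    return MAX_WIDTH


def bytes_to_image(data):
    """Map each byte to one grayscale pixel (0-255) and lay the pixels out
    row by row. Returns (width, height, pixels); the last row is zero-padded
    so that len(pixels) == width * height."""
    if not data:
        raise ValueError("empty file has no image representation")
    width = image_width(len(data))
    height = math.ceil(len(data) / width)
    pixels = data + bytes(width * height - len(data))
    return width, height, pixels


def to_pgm(width, height, pixels):
    """Serialize as binary PGM (P5), which common image viewers can open."""
    return b"P5\n%d %d\n255\n" % (width, height) + pixels


if __name__ == "__main__":
    # Constructed sample input: two header bytes plus a repeating byte ramp.
    sample = b"MZ" + bytes(range(256)) * 50
    w, h, px = bytes_to_image(sample)
    with open("sample.pgm", "wb") as fh:
        fh.write(to_pgm(w, h, px))
    print(f"{len(sample)} bytes -> {w}x{h} grayscale image")
```

The resulting pixel grid is what an image classifier would receive as input; the bytes are only read, never executed.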

STAMINA was tested using 2.2 million executable files. The researchers found that the accuracy of identifying malicious code reaches 99.07%. At the same time, false positives were recorded in 2.58% of cases, which is generally a fairly good result.

To identify more complex threats, static analysis can be used in combination with dynamic and behavioral analysis to create more comprehensive threat detection systems.



Source: 3dnews.ru
