Microsoft and Intel have announced STAMINA (STAtic Malware-as-Image Network Analysis), a joint project on a new approach to detecting malware.
The project builds on an established technique for revealing the texture and characteristic structural patterns of malware by rendering it as grayscale images. Based on this technology, the project is now studying a method that checks whether a file is infected with malicious code by converting the file into an image.
According to the study, the binary data of a file that may be infected with malicious code is first converted into pixel data, and the pixel data is then arranged into a 2D image so that it can be analyzed. The image is passed through a neural network that has learned the patterns of malicious code, which determines whether the file is infected.
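The conversion steps described above, as an added Python example (not code from Microsoft, Intel or the STAMINA project). The row width, zero padding, nearest-neighbour resize to a fixed size and PGM output are assumptions made for illustration, since the article does not say how image dimensions are chosen; the sample bytes are constructed.

```python
import math

def bytes_to_pixels(data: bytes) -> list[int]:
    # Step 1: every byte (0-255) is read as one grayscale pixel intensity.
    return list(data)

def pixels_to_image(pixels: list[int], width: int = 256) -> list[list[int]]:
    # Step 2: fold the 1D pixel stream into rows of `width` pixels.
    # The last row is zero-padded (assumption) so the image is rectangular.
    if width <= 0:
        raise ValueError("width must be positive")
    if not pixels:
        raise ValueError("empty file has no image")
    height = math.ceil(len(pixels) / width)
    padded = pixels + [0] * (height * width - len(pixels))
    return [padded[r * width:(r + 1) * width] for r in range(height)]

def resize_nearest(image: list[list[int]], out_h: int, out_w: int) -> list[list[int]]:
    # Step 3 (assumption): image classifiers usually take a fixed input size,
    # so files of any length are sampled down or up to out_h x out_w.
    in_h, in_w = len(image), len(image[0])
    return [[image[r * in_h // out_h][c * in_w // out_w] for c in range(out_w)]
            for r in range(out_h)]

def to_pgm(image: list[list[int]]) -> bytes:
    # Serialize as binary PGM (P5) so the result opens in an image viewer.
    h, w = len(image), len(image[0])
    header = f"P5\n{w} {h}\n255\n".encode("ascii")
    return header + bytes(v for row in image for v in row)

# Constructed sample input: an "MZ"-prefixed byte string, not a real executable.
SAMPLE = b"MZ" + bytes(62) + bytes(range(256)) * 3 + b"\xff" * 100

if __name__ == "__main__":
    img = pixels_to_image(bytes_to_pixels(SAMPLE), width=64)
    small = resize_nearest(img, 8, 8)
    print(f"full image: {len(img[0])}x{len(img)}, resized: 8x8, "
          f"PGM size: {len(to_pgm(small))} bytes")
```

Regions with different content (zero-filled headers, repeating tables, uniform padding) show up as visibly different textures in the output, which is the structure the neural network is trained on.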
Microsoft provided 2.2 million sample files infected with malicious code for this project. In a verification experiment using a part of those files, the method identified and classified malicious code with a high precision of 99.07%, and the false detection rate was 2.58%.
Malware continues to evolve, and it is becoming difficult to keep up with using existing detection tools, so a new detection method is required. If malware can be detected simply by converting files into images, this approach may provide a more effective security environment than ever.