Visual malware detection using local malicious pattern

In recent years, malware authors have made significant advances in producing new generations of malware and have used a variety of methods to make detection hard, so detecting malware has become one of the most important challenges for the security of computer systems. These developments have made detecting malware with conventional methods rather difficult and, in many cases, impossible. Thus, inventing new methods for detecting malware is critical. In this paper, a new method is proposed to detect unknown malware based on micro-patterns within executable files. To extract the required micro-patterns, the proposed method uses a well-known method from the machine vision field. It works as follows: first, executable files are converted into digital images; second, these images are used to extract visual features of the executable files; finally, machine learning methods are used to detect malware. The main idea is that malware and benign files differ in behavior and functionality, and that different behavior results in different micro-patterns, which can be used to distinguish malware from benign files. Accordingly, this paper applies a textural image classification method, designed to extract micro-patterns from digital textural images, to detect and extract micro-patterns of executable files and use them to detect malware.
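An added sketch of the first two pipeline stages described above (executable to image, image to texture features); it is not the paper's code. The abstract does not name the texture descriptor or image layout, so the basic 8-neighbour local binary pattern, the 16-byte row width, the chi-square comparison and the constructed sample byte strings are all assumptions.

```python
# Added illustration: bytes -> grayscale image -> local binary pattern histogram.
# LBP and the fixed image width are assumptions; the abstract names neither.

WIDTH = 16  # assumed row width in pixels (one byte = one pixel)

def bytes_to_image(data, width=WIDTH):
    """Lay the file's bytes out row by row as 0-255 grayscale pixels."""
    rows = len(data) // width  # a trailing partial row is dropped
    return [list(data[r * width:(r + 1) * width]) for r in range(rows)]

# Clockwise 8-neighbour offsets (dy, dx), starting at the top-left pixel.
NEIGHBOURS = [(-1, -1), (-1, 0), (-1, 1), (0, 1),
              (1, 1), (1, 0), (1, -1), (0, -1)]

def lbp_code(img, y, x):
    """8-bit micro-pattern: bit i is set when neighbour i >= centre pixel."""
    centre = img[y][x]
    code = 0
    for bit, (dy, dx) in enumerate(NEIGHBOURS):
        if img[y + dy][x + dx] >= centre:
            code |= 1 << bit
    return code

def lbp_histogram(data, width=WIDTH):
    """Normalised 256-bin histogram of LBP codes over interior pixels.

    This fixed-length vector is what a classifier would be trained on.
    """
    img = bytes_to_image(data, width)
    hist = [0] * 256
    for y in range(1, len(img) - 1):
        for x in range(1, width - 1):
            hist[lbp_code(img, y, x)] += 1
    total = sum(hist)
    if total == 0:
        raise ValueError("input too small for a 3x3 neighbourhood")
    return [h / total for h in hist]

def chi_square(h1, h2):
    """Chi-square distance between two histograms (0 means identical)."""
    return sum((a - b) ** 2 / (a + b) for a, b in zip(h1, h2) if a + b)

# Constructed sample inputs (not real executables).
PADDING = bytes(WIDTH * 8)   # flat region, e.g. zero padding
RAMP = bytes(range(128))     # steadily increasing byte values

if __name__ == "__main__":
    flat, ramp = lbp_histogram(PADDING), lbp_histogram(RAMP)
    print("distance flat vs ramp:", chi_square(flat, ramp))
```

The two constructed regions produce completely disjoint histograms, which is the property the method relies on: byte regions with different structure yield different micro-pattern distributions regardless of file length.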
