Malware analysis using visualized images and entropy graphs

Han, Kyoung Soo; Lim, Jae Hyun; Kang, BooJoong; Im, Eul Gyu

doi:10.1007/s10207-014-0242-0

Cited by 134 publications

(65 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their method represented a binary file as a grayscale image by converting each bit value into an image pixel. Han et al [9] converted the images into entropy graphs. Their system used the bitmap image to calculate the entropy value of each line and generate an entropy graph.…”

Section: Related Workmentioning

confidence: 99%

Using convolutional neural networks for classification of malware represented as images

Gibert

Mateu

Planes

et al. 2018

J Comput Virol Hack Tech

167

View full text Add to dashboard Cite

Malware authors introduced obfuscation techniques to existing malware in order to evade detection and hide its purposes. As a result, the number of malicious programs has grown in both volume and sophistication. Thus, effective categorization of malware based on its characteristics and behavior is required. In this paper, malicious software is visualized as gray scale images since its ability to capture minor changes while retaining the global structure helps to detect variations. Motivated by the visual similarity between malware samples of the same family, we propose a file agnostic deep learning approach for malware categorization to efficiently group malicious software into families based on a set of discriminant patterns extracted from their visualization as images. The suitability of our approach is evaluated against two benchmarks: the MalImg dataset and the BigData Innovators Gathering. Experimental comparison demonstrates its superior performance with respect to state-of-the-art techniques.

show abstract

Section: Related Workmentioning

confidence: 99%

Using convolutional neural networks for classification of malware represented as images

Gibert

Mateu

Planes

et al. 2018

J Comput Virol Hack Tech

167

View full text Add to dashboard Cite

show abstract

“…As exemplified in previous section, there are two broad categories of visualisation techniques adopted for malware comparison, namely, image-based and feature-based [10,45]. Image-based techniques make use of visual images of either binary data or behaviour logs of the malware samples [46]. Images generated in this approach are similar to those shown in Figures 1 and 2, where visual mappings are used to generate an image for each malware sample.…”

Section: Proposed Methods Using Similarity Miningmentioning

confidence: 99%

Use of Data Visualisation for Zero-Day Malware Detection

Venkatraman¹,

Alazab

2018

Security and Communication Networks

118

View full text Add to dashboard Cite

With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: (1) to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and (2) to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.

show abstract

“…Han et al [33], [34] proposed several transformation methods to convert the opcode sequences extracted from malware samples into image matrices represented in RGBcolored pixels. In a later work of the same authors [9], binaries are converted into bitmap images, which are then converted to entropy graphs to calculate the similarities. This approach however, only works for Windows PE file because it needs PE header information to decide sections to be converted.…”

Section: Hit Entropymentioning

confidence: 99%

A Convolutional Transformation Network for Malware Classification

Nguyen

Nguyên

et al. 2019

2019 6th NAFOSTED Conference on Information and Computer Science (NICS)

View full text Add to dashboard Cite

Modern malware evolves various detection avoidance techniques to bypass the state-of-the-art detection methods. An emerging trend to deal with this issue is the combination of image transformation and machine learning techniques to classify and detect malware. However, existing works in this field only perform simple image transformation methods that limit the accuracy of the detection. In this paper, we introduce a novel approach to classify malware by using a deep network on images transformed from binary samples. In particular, we first develop a novel hybrid image transformation method to convert binaries into color images that convey the binary semantics. The images are trained by a deep convolutional neural network that later classifies the test inputs into benign or malicious categories. Through the extensive experiments, our proposed method surpasses all baselines and achieves 99.14% in terms of accuracy on the testing set.

show abstract

Malware analysis using visualized images and entropy graphs

Cited by 134 publications

References 22 publications

Using convolutional neural networks for classification of malware represented as images

Using convolutional neural networks for classification of malware represented as images

Use of Data Visualisation for Zero-Day Malware Detection

A Convolutional Transformation Network for Malware Classification

Contact Info

Product

Resources

About