Researchers demonstrated a technique that converts malware binaries into grayscale images, which are then scanned by an image pattern recognition algorithm.
Microsoft and Intel are collaborating on a research project that aims to detect malware threats through the application of deep learning techniques.
The project, which has been ongoing for several months, published its first paper earlier this month. In it, the researchers demonstrated a technique that converts malware binaries into grayscale images, which are then scanned by an image pattern recognition algorithm.
That algorithm, called STAMINA (STAtic Malware-as-Image Network Analysis), is then able to classify whether the file is clean or infected. In tests, STAMINA achieved an accuracy of 99.07 percent, with a 2.58 percent false positive rate.
“The results certainly encourage the use of deep transfer learning for the purpose of malware classification,” said Microsoft researchers Jugal Parikh and Marc Marino.
STAMINA's one major drawback is its inefficiency with larger files. To save time and avoid overloading the algorithm, files are compressed into JPEG format, which can be ineffective for larger and more detailed images.
“STAMINA becomes less effective due to limitations in converting billions of pixels into JPEG images and then resizing them,” said Microsoft in a blog post.
That does not make it useless, however, as most malware files are not large. If a file is large, the algorithm may be able to bounce it to a metadata-based model, which the researchers say is a better solution for large files.
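As an added illustration (not code from the paper, Microsoft or Intel), the sketch below shows the preprocessing idea described above: each byte of a file becomes one grayscale pixel, and the resulting image is resized to a fixed grid. The 16-pixel width, the 16x16 target size, the averaging resize and the constructed `sample` bytes are all assumptions, and the JPEG step is omitted.

```python
import math

def bytes_to_image(data, width):
    """Map each byte (0-255) to one grayscale pixel; zero-pad the last row."""
    rows = math.ceil(len(data) / width)
    padded = data + bytes(rows * width - len(data))
    return [list(padded[r * width:(r + 1) * width]) for r in range(rows)]

def resize_area(img, out_h, out_w):
    """Resize by averaging the source pixels that fall under each output pixel."""
    in_h, in_w = len(img), len(img[0])
    out = []
    for y in range(out_h):
        y0 = y * in_h // out_h
        y1 = max(y0 + 1, (y + 1) * in_h // out_h)
        row = []
        for x in range(out_w):
            x0 = x * in_w // out_w
            x1 = max(x0 + 1, (x + 1) * in_w // out_w)
            block = [img[j][i] for j in range(y0, y1) for i in range(x0, x1)]
            row.append(sum(block) // len(block))
        out.append(row)
    return out

def to_model_input(data, width=16, side=16):
    """bytes -> 2-D image -> fixed side x side grid (width and side are assumed values)."""
    if not data:
        raise ValueError("empty file: nothing to convert")
    return resize_area(bytes_to_image(data, width), side, side)

def contrast(img):
    """Brightest minus darkest pixel: a crude proxy for how much detail survives."""
    flat = [p for row in img for p in row]
    return max(flat) - min(flat)

def sample(n):
    """Constructed input: n bytes of a fixed, fine-grained pattern (not real malware)."""
    return bytes((37 * i) % 256 for i in range(n))

if __name__ == "__main__":
    for size in (256, 256 * 1024):
        grid = to_model_input(sample(size))
        print(size, "bytes -> contrast after resize:", contrast(grid))
```

With the same byte pattern, the 256-byte input keeps its full 0-255 range while the 256 KiB input is averaged down to a nearly flat image, which is the loss of detail on large files that the article describes.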
Intel and Microsoft said they will continue to evaluate different deep learning models for malware detection, starting with a hybrid model with larger datasets.