Microsoft and Intel have been working together on a new approach to malware detection that involves deep learning and the representation of malware as images.
Referred to as STAtic Malware-as-Image Network Analysis (STAMINA), the research leverages Intel’s previous work on static malware classification through deep transfer learning and applies it to a real-world dataset from Microsoft to determine its practical value.
The approach is based on the inspection of malware binaries plotted as grayscale images, which has revealed that there are textural and structural similarities between binaries from the same malware families, and differences between different families or between malware and benign software.
In their whitepaper on STAMINA, researchers from Intel (Li Chen and Ravi Sahita) and Microsoft (Jugal Parikh and Marc Marino) argue that the classic malware detection approach that relies on signature matching is becoming less straightforward due to the rapid increase in signatures, while static and dynamic approaches might not be accurate or time-efficient.
STAMINA, the researchers explain, consists of four steps: preprocessing (image conversion), transfer learning, evaluation, and interpretation.