Malware Images: Visualization and Automatic Classification

Abstract

We propose a simple yet effective method for visualizing and classifying malware using image processing techniques. Malware binaries are visualized as gray-scale images, with the observation that for many malware families, the images belonging to the same family appear very similar in layout and texture. Motivated by this visual similarity, a classification method using standard image features is proposed. Neither disassembly nor code execution is required for classification. Preliminary experimental results are quite promising with 98% classification accuracy on a malware database of 9,458 samples with 25 different malware families. Our technique also exhibits interesting resilience to popular obfuscation techniques such as section encryption.
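The pipeline the abstract outlines (bytes read as gray pixels, then image features, then classification) is sketched below as an added example; it is not the authors' code. The row width, the grid descriptor, the 1-nearest-neighbour classifier and the synthetic byte layouts are all assumptions, since the abstract says only "standard image features".

```python
import math
import random

WIDTH = 64  # assumed row width in pixels; the abstract does not specify one

def to_image(data, width=WIDTH):
    """Read each byte as one 8-bit gray pixel, `width` pixels per row."""
    rows = len(data) // width  # a trailing partial row is dropped
    return [list(data[r * width:(r + 1) * width]) for r in range(rows)]

def descriptor(img, grid=4):
    """Per-cell mean intensity and horizontal roughness on a grid x grid
    partition, so images of different heights give equal-length vectors."""
    h, w = len(img), len(img[0])
    feats = []
    for gy in range(grid):
        for gx in range(grid):
            ys = range(gy * h // grid, (gy + 1) * h // grid)
            xs = range(gx * w // grid, (gx + 1) * w // grid)
            px = [img[y][x] for y in ys for x in xs]
            rough = [abs(img[y][x] - img[y][x - 1]) for y in ys for x in xs if x]
            feats += [sum(px) / len(px) / 255, sum(rough) / len(rough) / 255]
    return feats

def classify(sample, labelled):
    """1-nearest-neighbour by Euclidean distance between descriptors."""
    d = descriptor(to_image(sample))
    return min(labelled, key=lambda kv: math.dist(d, descriptor(to_image(kv[1]))))[0]

def synth(family, seed):
    """Constructed byte layouts standing in for two families (not real binaries)."""
    rng = random.Random(seed)
    noise = lambda n: bytes(rng.randrange(256) for _ in range(n))
    n = 2048 + 64 * rng.randrange(8)  # variants differ in size and in noise content
    if family == "A":  # zero padding, then high-entropy block, then repeated pattern
        return bytes(n) + noise(2 * n) + b"\x10\x20\x30\x40" * (n // 4)
    return b"\x10\x20\x30\x40" * (n // 2) + bytes(n // 2) + noise(n)  # family "B"

if __name__ == "__main__":
    refs = [("A", synth("A", 1)), ("B", synth("B", 2))]
    for fam, seed in (("A", 7), ("B", 8)):
        print(fam, "->", classify(synth(fam, seed), refs))
```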

Lakshmanan Nataraj, S. Karthikeyan, Gregoire Jacob, B.S. Manjunath,
International Symposium on Visualization for Cyber Security (VizSec), Jul. 2011.
Lab: VRL, Target: Conference
Subject: Malware Analysis