A Signal Processing Approach to Malware Analysis
Abstract
There is an alarming increase in the amount of malware generated today. Several studies have shown that most new malware samples are variants of existing ones. In this research we focus on developing orthogonal methods motivated by signal and image processing, exploiting the fact that most malware variants are similar in structure. Malware can then be treated as a digital signal, and signal and image processing techniques can be applied to compute descriptors that facilitate malware detection and classification. First, we present SARVAM (Search And RetrieVAl of Malware), an online malware search and retrieval system where one can upload a binary executable and search a database of approximately 7 million malware samples using image similarity metrics. Next, we generalize this approach by expressing a malware sample as a sparse linear combination of other malware samples. Finally, the methods can be extended to data forensics, where, given a block of data, we determine its data type.
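The following Python is an added illustration of the pipeline the abstract describes (bytes laid out as a grayscale image, a compact descriptor computed from it, nearest-neighbour search over a descriptor index); it is not code from the thesis or from SARVAM. The block-mean descriptor, the fixed image width of 64 pixels, the cosine similarity metric and the three "binaries" in the toy database are all assumptions chosen for the example: the samples are synthetic byte strings with a PE-like section layout, not malware.

```python
import math
import random
from typing import Dict, List, Sequence, Tuple

# Constructed illustration of: bytes -> grayscale image -> descriptor -> similarity
# search. The descriptor, width and samples are assumptions, not SARVAM's own.

Image = List[List[int]]


def bytes_to_image(data: bytes, width: int = 64) -> Image:
    """Lay the byte stream out row by row as an 8-bit grayscale image.
    The last row is zero-padded so that every row has `width` pixels."""
    if not data:
        return [[0] * width]
    rows: Image = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        row.extend([0] * (width - len(row)))
        rows.append(row)
    return rows


def block_mean_descriptor(img: Image, grid: Tuple[int, int] = (8, 8)) -> List[float]:
    """Coarse texture descriptor: mean intensity of each cell of a grid laid over
    the image. Samples with the same section layout give near-identical vectors,
    regardless of the exact bytes inside each section."""
    h, w = len(img), len(img[0])
    gh, gw = grid
    desc: List[float] = []
    for by in range(gh):
        y0 = by * h // gh
        y1 = min(h, max(y0 + 1, (by + 1) * h // gh))
        for bx in range(gw):
            x0 = bx * w // gw
            x1 = min(w, max(x0 + 1, (bx + 1) * w // gw))
            cell = [img[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            desc.append(sum(cell) / len(cell))
    return desc


def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Image-similarity metric used for retrieval (an assumption for this example)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def index_samples(samples: Dict[str, bytes], width: int = 64) -> Dict[str, List[float]]:
    """One descriptor per sample; a retrieval system stores these, not the binaries."""
    return {name: block_mean_descriptor(bytes_to_image(blob, width))
            for name, blob in samples.items()}


def search(query: bytes, index: Dict[str, List[float]],
           width: int = 64, top_k: int = 3) -> List[Tuple[str, float]]:
    """Rank the indexed samples by descriptor similarity to the uploaded query."""
    q = block_mean_descriptor(bytes_to_image(query, width))
    ranked = sorted(((name, cosine_similarity(q, d)) for name, d in index.items()),
                    key=lambda t: t[1], reverse=True)
    return ranked[:top_k]


def constructed_sample(seed: int, code_len: int, data_len: int,
                       blob_len: int, patch: bytes = b"") -> bytes:
    """Constructed stand-in for a binary (not real malware): a fixed header, a
    'code' region with an opcode-like repeating pattern, a zero-filled 'data'
    region and a high-entropy region from a seeded PRNG. `patch` overwrites the
    start of the code region, mimicking the small edits that produce a variant."""
    rng = random.Random(seed)
    header = b"MZ" + bytes([0x90] * 62)
    code = bytearray((i * 37 + 11) % 251 for i in range(code_len))
    code[:len(patch)] = patch[:code_len]
    data = bytes(data_len)
    blob = bytes(rng.randrange(256) for _ in range(blob_len))
    return header + bytes(code) + data + blob


def demo() -> List[Tuple[str, float]]:
    """Index three constructed samples, then query with a variant of the first."""
    database = {
        "family_a_v1": constructed_sample(1, 2048, 1024, 1024),
        "packed_blob": constructed_sample(2, 0, 0, 4096),      # high entropy throughout
        "data_heavy": constructed_sample(3, 256, 3584, 256),   # mostly zero-filled
    }
    index = index_samples(database)
    # Same layout as family_a_v1, a few patched code bytes and a different PRNG blob:
    variant = constructed_sample(99, 2048, 1024, 1024, patch=b"\xeb\x10\x90\x90\xcc")
    return search(variant, index)


if __name__ == "__main__":
    for name, score in demo():
        print(f"{name:<14} {score:.4f}")
```

The point of the toy database is that the variant is nearest to `family_a_v1` even though its high-entropy section contains entirely different bytes: the descriptor captures section layout and texture, which is what variants of one family share, while a hash or byte-level diff would see two unrelated files. The same caveat applies in practice, since a packer that rewrites the whole layout defeats this kind of similarity just as it defeats signatures.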