Two tech giants, Intel and Microsoft, are working together in order to make it easier to detect and classify malware.
Intel Labs is working alongside the Threat Protection Intelligence Team from Microsoft. The two teams are working on creating images from various samples of malware. These images can provide a simpler way of detecting malicious code that might harm a computer.
A revolutionary new technique
The project is using the new Static Malware-as-Image Network Analysis (STAMINA) technique. This new imaging technique converts malicious code into a grayscale image. The project hopes that converting code into an image will make it easier to detect and classify.
Once the system successfully converts the code into an image, researchers will analyze its structural and textural patterns. Through these techniques, the researchers expect to distinguish nonthreatening code from malicious code.
Static Malware-as-Image Network Analysis: #STAMINA – Scalable Deep Learning approach for Malware classification https://t.co/N5svTEuKcB #infosec #MalwareAnalysis #MachineLearning pic.twitter.com/o3ljLPxmyd
— D09r (@d09r_) May 14, 2020
The new technique uses a real-world data set from both Microsoft and Intel. Both tech giants have a vast collection of data pertaining to malware. The companies also have separate deep learning projects that focus on malware classification.
What separates STAMINA from other malware detection techniques is its ability to examine code without triggering it. STAMINA can essentially study a suspected malicious piece of code without executing it or even monitoring its runtime behavior.
How STAMINA works
The new STAMINA technique utilizes three particular stages. First, the technique converts the malicious code into an image. Next, the program uses deep learning methods to create a structure and pattern. Lastly, researchers will evaluate the result of the second stage.
Reports claim that STAMINA has an impressive 99% accuracy when it comes to classifying malicious programs. Additionally, the technique posts an equally impressive 2.6% false-positive rating.
While this new technique is revolutionary, it is still in an early phase and there is still a lot to learn. For one, the technique is extremely effective only when analyzing small file sizes. Unsurprisingly, STAMINA lags when checking larger file sizes.
Microsoft explains:
“For bigger size applications, STAMINA becomes less effective due to limitations in converting billions of pixels into JPEG images and then resizing them.”
Microsoft and Intel claim that there is still a lot of room for STAMINA to grow. Since the project is still in its infancy, the tech giants are working to refine the program’s detection and analytical process.
Regardless of its current performance, both Microsoft and Intel are optimistic about the project. The two companies expect that this new malware detection technique will be successful.