Malware Analysis Using Visualized Image Matrices
This paper proposes a novel malware visual analysis method that contains not only a visualization method to convert binary files into images, but also a similarity calculation method between these images. The proposed method generates RGB-colored pixels on image matrices using the opcode sequences e...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2014-01-01
|
| Series: | The Scientific World Journal |
| Online Access: | http://dx.doi.org/10.1155/2014/132713 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832550116282597376 |
|---|---|
| author | KyoungSoo Han BooJoong Kang Eul Gyu Im |
| author_facet | KyoungSoo Han BooJoong Kang Eul Gyu Im |
| author_sort | KyoungSoo Han |
| collection | DOAJ |
| description | This paper proposes a novel malware visual analysis method that contains not only a visualization method to convert binary files into images, but also a similarity calculation method between these images. The proposed method generates RGB-colored pixels on image matrices using the opcode sequences extracted from malware samples and calculates the similarities for the image matrices. Particularly, our proposed methods are available for packed malware samples by applying them to the execution traces extracted through dynamic analysis. When the images are generated, we can reduce the overheads by extracting the opcode sequences only from the blocks that include the instructions related to staple behaviors such as functions and application programming interface (API) calls. In addition, we propose a technique that generates a representative image for each malware family in order to reduce the number of comparisons for the classification of unknown samples and the colored pixel information in the image matrices is used to calculate the similarities between the images. Our experimental results show that the image matrices of malware can effectively be used to classify malware families both statically and dynamically with accuracy of 0.9896 and 0.9732, respectively. |
| format | Article |
| id | doaj-art-0d278388d1d6415085dc10ee00f8d3ce |
| institution | Kabale University |
| issn | 2356-6140 1537-744X |
| language | English |
| publishDate | 2014-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | The Scientific World Journal |
| spelling | doaj-art-0d278388d1d6415085dc10ee00f8d3ce2025-02-03T06:07:34ZengWileyThe Scientific World Journal2356-61401537-744X2014-01-01201410.1155/2014/132713132713Malware Analysis Using Visualized Image MatricesKyoungSoo Han0BooJoong Kang1Eul Gyu Im2Department of Computer and Software, Hanyang University, Seoul 133-791, Republic of KoreaDepartment of Electronics and Computer Engineering, Hanyang University, Seoul 133-791, Republic of KoreaDivision of Computer Science and Engineering, Hanyang University, Seoul 133-791, Republic of KoreaThis paper proposes a novel malware visual analysis method that contains not only a visualization method to convert binary files into images, but also a similarity calculation method between these images. The proposed method generates RGB-colored pixels on image matrices using the opcode sequences extracted from malware samples and calculates the similarities for the image matrices. Particularly, our proposed methods are available for packed malware samples by applying them to the execution traces extracted through dynamic analysis. When the images are generated, we can reduce the overheads by extracting the opcode sequences only from the blocks that include the instructions related to staple behaviors such as functions and application programming interface (API) calls. In addition, we propose a technique that generates a representative image for each malware family in order to reduce the number of comparisons for the classification of unknown samples and the colored pixel information in the image matrices is used to calculate the similarities between the images. Our experimental results show that the image matrices of malware can effectively be used to classify malware families both statically and dynamically with accuracy of 0.9896 and 0.9732, respectively.http://dx.doi.org/10.1155/2014/132713 |
| spellingShingle | KyoungSoo Han BooJoong Kang Eul Gyu Im Malware Analysis Using Visualized Image Matrices The Scientific World Journal |
| title | Malware Analysis Using Visualized Image Matrices |
| title_full | Malware Analysis Using Visualized Image Matrices |
| title_fullStr | Malware Analysis Using Visualized Image Matrices |
| title_full_unstemmed | Malware Analysis Using Visualized Image Matrices |
| title_short | Malware Analysis Using Visualized Image Matrices |
| title_sort | malware analysis using visualized image matrices |
| url | http://dx.doi.org/10.1155/2014/132713 |
| work_keys_str_mv | AT kyoungsoohan malwareanalysisusingvisualizedimagematrices AT boojoongkang malwareanalysisusingvisualizedimagematrices AT eulgyuim malwareanalysisusingvisualizedimagematrices |