Microsoft and Intel turn malware into images to accelerate detection

Results of STAMINA project "encourage the use of deep transfer learning" for malware classification

Microsoft and Intel have collaborated on a new research project which uses a deep learning technique to identify malware through the analysis of images. 

The project, titled Static Malware-as-Image Network Analysis (STAMINA), advances on the approach that malware can be classified at scale by performing static analysis on malware codes represented as images. Based on that, it aims to detect malware by transforming malware samples into grayscale images and then scanning them for specific textural and structural patterns.

In order to establish the practicality of the STAMINA approach, researchers from Microsoft Threat Protection Intelligence Team and Intel Labs covered three main steps: image conversion, transfer learning, and evaluation.

Advertisement - Article continues below

First, the researchers converted malware binaries into two-dimensional images, they then used the transfer learning technique to accelerate training time “while maintaining high classification performance”. Finally, they evaluated the performance of the system on a holdout test set. The study showed that applying STAMINA achieved a recall of 87.05% at a 0.1% false-positive rate, and a 99.66% recall and 99.07% accuracy at a 2.58% false-positive rate.

In a blog post detailing the study, Jugal Parikh and Marc Marino of the Microsoft Threat Protection Intelligence Team said that the results “certainly encourage the use of deep transfer learning for the purpose of malware classification”.

Advertisement
Advertisement - Article continues below

“It helps accelerate training by bypassing the search for optimal hyperparameters and architecture searches, saving time and compute resources in the process,” they said.

Parikh and Marino also said that the joint research is “a good starting ground for more collaborative work” between Microsoft and Intel. 

“For example, the researchers plan to collaborate further on platform acceleration optimizations that can allow deep learning models to be deployed on client machines with minimal performance impact. Stay tuned,” they said.

Advertisement - Article continues below

A new way of detecting malware is undoubtedly a welcome innovation in a time when most employees are working from home due to the coronavirus lockdown, exposing businesses to a higher rate of cyber attacks. 

Last month, Microsoft warned that cyber criminals are taking advantage of the ongoing coronavirus crisis to trick users into downloading malware onto their devices. In a statement on Twitter, Microsoft Security Intelligence said that hackers are posing as the “Usa Volunteer Organization” and the “Usa Humanitarian Group” and are sending out hundreds of emails offering free COVID-19 medical advice and testing. Each email aims to install the Trickbot malware using “unique macro-laced” document attachments.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Over two dozen Android apps found stealing user data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Best antivirus for Windows 10
antivirus

Best antivirus for Windows 10

30 Jun 2020
Searching for a new job? That LinkedIn job offer may be fake
hacking

Searching for a new job? That LinkedIn job offer may be fake

19 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020