KEY POINTS

  • Two tech giants collaborate on a new approach to identifying malware
  • They use a program called STAMINA to identify malware
  • STAMINA achieves high accuracy in malware identification

A collaboration between two tech giants is working on how to detect and classify malware.

Intel Labs and Microsoft’s Threat Protection Intelligence Team have joined hands in creating images out of malware samples that can be used to detect malicious code, according to TechXplore.

The new technique, Static Malware-as-Image Network Analysis (STAMINA), converts the raw data of malware samples into grayscale images. These are then analyzed for structural and textural patterns specific to known malware samples, according to TechRadar. These patterns are used to tell benign code from malicious code.

The study relied on the real-world data set from Microsoft and on Intel’s earlier work on deep transfer learning for static malware classification.

Static analysis allows malware to be detected without executing the code or monitoring its runtime behavior, so threats are detected before they are triggered, as reported by Microsoft on its security blog about STAMINA on Friday (May 8).

The researchers explain that “high accuracy” and “low false positives” are achieved because of Microsoft’s massive dataset of malware code, collected through its Defender security system.

"While static analysis is typically associated with traditional detection methods, it remains an important building block for AI-driven detection of malware. It is especially useful for pre-execution detection engines: static analysis disassembles code without having to run applications or monitor runtime behavior," as reported in TechXplore.

The program involves three stages: image conversion, transfer learning, and evaluation. Malware code was converted into two-dimensional images through pixel conversion and resizing. Transfer learning was used to apply knowledge learned from already-detected malware in one task to unidentified code with similar structures. The final step was the evaluation.
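As an added illustration of the image-conversion stage described above (not Intel's or Microsoft's code): each byte becomes one grayscale pixel, rows are laid out at a width chosen from the file size, and the picture is resized to a fixed input size. The width table, the nearest-neighbour resizing and the sample bytes are assumptions constructed here, not details from the article.

```python
# Added illustration of STAMINA's image-conversion stage; not Intel/Microsoft code.
# Assumed width table (file size in KiB -> pixel width), modelled on the
# malware-as-image literature; the exact cut-offs are an assumption here.
WIDTH_TABLE = [(10, 32), (30, 64), (60, 128), (100, 256),
               (200, 384), (500, 512), (1000, 768)]
DEFAULT_WIDTH = 1024

def choose_width(num_bytes):
    """Pick the row width from the file size so the image keeps a sane aspect ratio."""
    kib = num_bytes / 1024
    for limit, width in WIDTH_TABLE:
        if kib < limit:
            return width
    return DEFAULT_WIDTH

def bytes_to_image(data):
    """Each byte becomes one grayscale pixel (0-255), laid out row by row; the last row is zero-padded."""
    width = choose_width(len(data))
    rows = []
    for start in range(0, len(data), width):
        row = list(data[start:start + width])
        row += [0] * (width - len(row))  # pad the final partial row
        rows.append(row)
    return rows

def resize_nearest(image, out_h, out_w):
    """Nearest-neighbour resize to the fixed network input size.
    For large files many source bytes collapse into one pixel, which is
    one reason the article notes weaker results on big samples."""
    in_h, in_w = len(image), len(image[0])
    return [[image[min(in_h - 1, y * in_h // out_h)][min(in_w - 1, x * in_w // out_w)]
             for x in range(out_w)] for y in range(out_h)]

def to_pgm(image):
    """Serialise as binary PGM (P5) so the picture opens in any image viewer."""
    h, w = len(image), len(image[0])
    return f"P5\n{w} {h}\n255\n".encode("ascii") + bytes(b for row in image for b in row)

# Constructed sample: a fake "MZ" header, a repeating byte ramp and a zero tail (not real malware).
SAMPLE = b"MZ" + bytes(range(256)) * 8 + b"\x00" * 100

if __name__ == "__main__":
    img = resize_nearest(bytes_to_image(SAMPLE), 64, 64)
    with open("sample.pgm", "wb") as f:
        f.write(to_pgm(img))
```

Opening the written `sample.pgm` shows the byte ramp as repeating gradient bands and the zero tail as a black strip, the kind of texture the classifier is trained to recognise.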

STAMINA achieves 99% accuracy in classifying malware with a false-positive rate below 2.6%. It works best on small files but struggles with larger ones, according to Yahoo.

[Image: Malware. Caption: A growing number of ready-made exploit kits, known as EKs, are using deceptive fileless attacks, creating bigger challenges for defenders and compromising victims. Credit: Christoph Scholz/Flickr]