Publication Date
Spring 2022
Degree Type
Master's Project
Degree Name
Master of Science (MS)
Department
Computer Science
First Advisor
Mark Stamp
Second Advisor
Fabio Di Troia
Third Advisor
Thomas Austin
Keywords
Image-based malware detection, CNN, kNN
Abstract
Being able to identify malware is important in preventing attacks. Image-based malware analysis is the study of images that are created from malware. Analyzing these images can help identify patterns in malware families. In previous work, "gist descriptor" features extracted from images have been used in malware classification problems and have shown promising results. In this research, we determine whether gist descriptors are robust with respect to malware obfuscation techniques, as compared to Convolutional Neural Networks (CNN) trained directly on malware images. Using the Python Image Library, we create images from malware executables and from malware that we obfuscate. We conduct experiments to compare classifying these images with a CNN as opposed to extracting the gist descriptor features from these images to use in classification. For the gist descriptors, we consider a variety of classification algorithms including k-nearest neighbors, random forest, support vector machine, and multi-layer perceptron. We find that gist descriptors are more robust with respect to our obfuscation techniques, as compared to a CNN.
Recommended Citation
Tran, Katrina, "Robustness of Image-Based Malware Analysis" (2022). Master's Projects. 1090.
DOI: https://doi.org/10.31979/etd.nuue-6eut
https://scholarworks.sjsu.edu/etd_projects/1090