Publication Date

Spring 2017

Degree Type

Master's Project

Degree Name

Master of Science (MS)


Computer Science

First Advisor

Mark Stamp

Second Advisor

Robert Chun

Third Advisor

Thomas Austin


Malware, Image Binaries


Malware analysis can be based on static or dynamic analysis. Static analysis includes signature-based detection and other forms of analysis rely only on features that can be extracted without code execution or emulation. In contrast, dynamic analysis depends on features extracted at runtime (or via emulation) such as API calls, patterns of memory access, and so on. Dynamic analysis can be more informative and is generally more robust, but static analysis is typically more efficient. In this research, we implement, test, and analyze malware scores based on image processing. Previous work has shown that useful malware scores can be obtained when binaries are treated as images. We test a wide variety of image processing techniques and machine learning techniques. Further, we develop a dataset that is designed to evade detection mechanisms that employ image analysis.