Robustness of Image-Based Malware Analysis

Authors

Katrina Tran, San Jose State University
Fabio Di Troia, San Jose State UniversityFollow
Mark Stamp, San Jose State UniversityFollow

Publication Date

1-1-2022

Document Type

Conference Proceeding

Publication Title

Communications in Computer and Information Science

Volume

1683 CCIS

DOI

10.1007/978-3-031-24049-2_1

First Page

3

Last Page

21

Abstract

In previous work, “gist descriptor” features extracted from images have been used in malware classification problems and have shown promising results. In this research, we determine whether gist descriptors are robust with respect to malware obfuscation techniques, as compared to Convolutional Neural Networks (CNN) trained directly on malware images. Using the Python Image Library (PIL), we create images from malware executables and from malware that we obfuscate. We conduct experiments to compare classifying these images with a CNN as opposed to extracting the gist descriptor features from these images to use in classification. For the gist descriptors, we consider a variety of classification algorithms including k-nearest neighbors, random forest, support vector machine, and multi-layer perceptron. We find that gist descriptors are more robust than CNNs, with respect to the obfuscation techniques that we consider.

Keywords

Convolutional neural network, Gist descriptors, Malware

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Department

Computer Science

Recommended Citation

Katrina Tran, Fabio Di Troia, and Mark Stamp. "Robustness of Image-Based Malware Analysis" Communications in Computer and Information Science (2022): 3-21. https://doi.org/10.1007/978-3-031-24049-2_1