Research field: Safety
Conference: ICMLT '20: Proceedings of the 2020 5th International Conference on Machine Learning Technologies
The exponential increase in the number of malware samples stems from the fact that attackers often create malware variants with automated tools, and automated tools generally tend to reuse similar function modules. It is essential, therefore, that security analysts distinguish malware families by recognizing similar modules. For this reason, we present a new visualization method for malware pedigree analysis, using visual similarities in the byte distributions of malware to implement classification. The method converts malware samples into dot plot patterns, and then searches for the k-nearest neighbors of every tested sample with the Jaccard distance to determine its family. To evaluate the classification performance of the proposed method, we randomly collected 771 harmful binary files from 72 malware families on the VX Heavens website. With the value of k varying between 1 and 9, our method had the best accuracy of 92.48% when k = 1. The experimental results show that the proposed method can distinguish malware families effectively.
| Publication year | 2020 |
|---|---|
| Citations | 1 |
| Country of publication | Andorra |
| Site | ACM |
| Likes | 0 |