Detecting malware, especially zero-day attacks (viruses security software has never encountered before) is difficult. Using, essentially, visual pattern matching could stop these attacks dead in their tracks.
ANDRZEJ WOJCICKI / Getty Images
A picture of malware could be worth millions of protected PCs, provided Microsoft and Intel’s research proves useful. The two tech giants are collaborating on a new malware detection technique that uses image analysis to detect and identify malicious code.
Behind the science: In a blog post, Microsoft and Intel outlined how they’re using something called static malware-as-image network analysis (STAMINA) to convert the malware code into gray scale images, with each byte getting its own level of color (gray) intensity. The team then analyzed the visual data to see if STAMINA could use deep learning to accurately identify real-world malware.
- 92% of malware is delivered by email
- 99% of discovered mobile malware hosted on third-party app stores
- MacOS malware has increased by 165%
- Trojans make up 51.45% of all malware
How’d they do: “The joint research showed that applying STAMINA to real-world hold-out test data set achieved a recall of 87.05% at 0.1% false positive rate, and 99.66% recall and 99.07% accuracy at 2.58% false positive rate overall,” explained the research team. In other words, they did well.
Still early: While the results were promising, Microsoft and Intel say the system can struggle with converting large datasets into resizable JPEG images.
Bottom line: This proof of concept could mean faster threat detection at a local level, meaning your computer and mobile devices, which, someday, could literally see malware coming before it infects them.