
Visual malware detection using local malicious pattern

  • Original Paper
  • Journal of Computer Virology and Hacking Techniques

Abstract

In recent years, malware authors have made significant advances in producing new generations of malware and have used a variety of techniques to make detection harder, so detecting malware has become one of the most important challenges for the security of computer systems. These developments have made detecting malware with conventional methods difficult and in many cases impossible, so inventing new detection methods is critical. In this paper, a new method is proposed to detect unknown malware based on micro-patterns within executable files. To extract the required micro-patterns, the proposed method uses one of the well-known methods from the machine vision field. The proposed method works as follows: first, executable files are converted into digital images; second, these images are used to extract visual features of the executable files; finally, machine learning methods are used to detect malware. The main idea of the proposed method rests on the difference in behaviour and functionality between malware and benign files: different behaviour results in different micro-patterns, which can be used to distinguish malware from benign files. Accordingly, this paper uses a textural image classification method, whose purpose is to extract the micro-patterns of digital textural images, to detect and extract the micro-patterns of executable files and use them to detect malware.
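The pipeline the abstract sketches, as an added worked example that is not the paper's own code: raw bytes of an executable are reinterpreted as a grayscale image, a texture descriptor turns that image into a fixed-length feature vector, and a distance between feature vectors is what a downstream classifier would consume. The abstract does not name the machine-vision operator it uses; this example assumes the local binary pattern (LBP) operator, using the 8-neighbour, radius-1, "uniform" variant, so the 59-bin histogram, the chi-square distance, the near-square image width and the sample byte strings are all assumptions of this illustration.

```python
"""Bytes-to-image conversion plus LBP micro-pattern features.

Added illustration of the approach described in the abstract; not the
paper's code.  Assumes the local binary pattern (LBP) operator as the
texture descriptor, which the abstract itself does not name.
"""
import math
import random

# Eight radius-1 neighbours of a pixel, clockwise from top-left.
NEIGHBOURS = [(-1, -1), (-1, 0), (-1, 1), (0, 1),
              (1, 1), (1, 0), (1, -1), (0, -1)]


def bytes_to_image(data, width=None):
    """Reinterpret a byte string as a row-major 8-bit grayscale image.

    Width defaults to about sqrt(len(data)) so the image is near-square;
    the final row is zero-padded.  This width rule is a constructed
    convention, not one the paper specifies.
    """
    if not data:
        raise ValueError("empty input")
    if width is None:
        width = max(8, math.isqrt(len(data)))
    rows = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        row += [0] * (width - len(row))
        rows.append(row)
    return rows


def lbp_code(img, y, x):
    """8-neighbour LBP code of interior pixel (y, x).

    Bit i is set when neighbour i is >= the centre pixel, so a flat
    region yields 0xFF and an edge yields a run of ones and zeros.
    """
    centre = img[y][x]
    code = 0
    for i, (dy, dx) in enumerate(NEIGHBOURS):
        if img[y + dy][x + dx] >= centre:
            code |= 1 << i
    return code


def is_uniform(code):
    """A pattern is 'uniform' if its circular 8-bit string has at most two 0/1 transitions."""
    bits = [(code >> i) & 1 for i in range(8)]
    transitions = sum(bits[i] != bits[(i + 1) % 8] for i in range(8))
    return transitions <= 2


# The 58 uniform codes each get their own bin; every non-uniform code
# shares one extra bin, giving the classic 59-bin "LBP u2" histogram.
UNIFORM_CODES = [c for c in range(256) if is_uniform(c)]
UNIFORM_BIN = {c: i for i, c in enumerate(UNIFORM_CODES)}
NON_UNIFORM_BIN = len(UNIFORM_CODES)
N_BINS = NON_UNIFORM_BIN + 1


def lbp_histogram(img):
    """Normalised 59-bin LBP histogram over interior pixels (borders skipped)."""
    height, width = len(img), len(img[0])
    if height < 3 or width < 3:
        raise ValueError("image too small for a 3x3 neighbourhood")
    hist = [0.0] * N_BINS
    count = 0
    for y in range(1, height - 1):
        for x in range(1, width - 1):
            hist[UNIFORM_BIN.get(lbp_code(img, y, x), NON_UNIFORM_BIN)] += 1
            count += 1
    return [v / count for v in hist]


def chi_square_distance(h1, h2):
    """Chi-square distance, a common metric for comparing LBP histograms."""
    return sum((a - b) ** 2 / (a + b) for a, b in zip(h1, h2) if a + b > 0)


def extract_features(data, width=None):
    """Full pipeline: bytes -> image -> LBP histogram feature vector."""
    return lbp_histogram(bytes_to_image(data, width))


if __name__ == "__main__":
    # Constructed sample inputs, not real executables: a flat run of one
    # byte (like padding) versus a seeded pseudo-random stream (like
    # packed or encrypted content).
    flat = bytes([0x90]) * 256
    rng = random.Random(1)
    noisy = bytes(rng.randrange(256) for _ in range(256))
    print("distance flat vs noisy:",
          round(chi_square_distance(extract_features(flat),
                                    extract_features(noisy)), 3))
```

The feature vector is what the abstract's final step would feed to a classifier; on real corpora the width rule, the LBP radius and the choice of histogram variant all change the result, and a flat region and a high-entropy region separating cleanly here says nothing about how well the descriptor separates benign from malicious code in general.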


Figures 1–16 (images not included in this preview)



Author information

Corresponding author: Ali Hamzeh.


Cite this article

Hashemi, H., Hamzeh, A. Visual malware detection using local malicious pattern. J Comput Virol Hack Tech 15, 1–14 (2019). https://doi.org/10.1007/s11416-018-0314-1
