Intel and Microsoft have collaborated on a research project involving what looks to be a novel method of analysis. The project converts malware samples into grayscale images before scanning them for textural and structural patterns. Aptly, the companies call the project STAMINA (STAtic Malware-as-Image Network Analysis).
The Intel-Microsoft research team says the process starts with taking an input file and converting its binary form into raw pixel data. The pixel data is then arranged into a 2D image that image analysis algorithms can process.
After conversion, the image produced from a malware sample could have billions of pixels, so the STAMINA research team resizes it to a smaller resolution to speed up the process. The researchers also say resizing the raw image didn’t negatively impact the results.
The image analysis is done by a deep neural network that was trained using a sample of 2.2 million infected Portable Executable file hashes. Using this, project STAMINA has an accuracy of 99.07%, with a false positive rate of 2.58%.
While the results look great, this method will likely only be used with smaller files. Microsoft says that STAMINA struggles with larger files. This is due to limitations of converting billions of pixels into a JPEG file and then resizing them.