Microsoft and Intel have a novel approach to malware classification: visualisation. They are collaborating on STAMINA (Static Malware-as-Image Network Analysis), a project that turns rogue code into grayscale images so that a deep learning system can study them. The approach converts the binary form of an input file into a simple pixel stream and turns that into a two-dimensional image whose dimensions vary depending on aspects such as file size. A trained neural network then determines what, if anything, has infected the file.
ZDNet noted that the AI is trained on the huge amounts of data that Microsoft has collected from Windows Defender installations. The technology doesn’t need full-size, pixel-by-pixel recreations of viruses, which makes sense given that large malware could easily translate into gigantic images.
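The conversion described above (bytes to a pixel stream, a row width chosen from file size, then a reduced fixed-size image for the classifier) can be sketched as follows. This is an added example, not code from Microsoft, Intel or STAMINA; the width table, the function names and the box-average resize are assumptions chosen for illustration.

```python
# Added illustration, not STAMINA's code. The size-to-width table below is an
# assumed example of "dimensions vary with file size", not the project's values.
WIDTH_BY_KB = [(10, 32), (30, 64), (60, 128), (100, 256), (200, 384), (500, 512), (1000, 768)]

def pick_width(n_bytes):
    """Choose the image row width (in pixels) from the file size."""
    kb = n_bytes / 1024
    for limit_kb, width in WIDTH_BY_KB:
        if kb < limit_kb:
            return width
    return 1024

def bytes_to_image(data, width=None):
    """Map each byte to one grayscale pixel (0-255) and wrap into rows; zero-pad the last row."""
    if not data:
        raise ValueError("empty input has no image representation")
    width = width or pick_width(len(data))
    stream = data + bytes((-len(data)) % width)
    return [list(stream[i:i + width]) for i in range(0, len(stream), width)]

def downsample(img, out_h, out_w):
    """Box-average resize, so large files do not become gigantic classifier inputs."""
    in_h, in_w = len(img), len(img[0])
    out = []
    for r in range(out_h):
        r0 = r * in_h // out_h
        r1 = max(r0 + 1, (r + 1) * in_h // out_h)
        row = []
        for c in range(out_w):
            c0, c1 = c * in_w // out_w, max(c * in_w // out_w + 1, (c + 1) * in_w // out_w)
            block = [img[y][x] for y in range(r0, r1) for x in range(c0, c1)]
            row.append(sum(block) // len(block))
        out.append(row)
    return out

SAMPLE = bytes(range(256)) * 8  # constructed 2 KB input, not a real binary
if __name__ == "__main__":
    print(downsample(bytes_to_image(SAMPLE), 8, 8)[0])
```

The resulting fixed-size grid is what an image classifier would take as input; training such a model is outside the scope of this sketch.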
STAMINA has proven to be mostly effective so far, with just over 99 per cent accuracy in malware classification and a false positive rate slightly below 2.6 per cent. It does have its limits, though. It works well with small files but struggles with larger ones.
With enough refinement, though, it could be very useful. Most malware detection relies on extracting binary signatures or fingerprints, but the sheer number of signatures makes this impractical. This approach could help anti-malware tools keep up effectively and reduce the chances of security threats slipping past defenses.