The Plymouth Student Scientist
Document Type
Engineering, Computing and Mathematics Article
Abstract
It is becoming increasingly hard to protect devices against security threats; as malware steadily evolves, defence mechanisms are struggling to keep up. This study introduces a concept intended to support security systems using a Self-Organizing Incremental Neural Network (SOINN) and binary visualization. The system converts a file to its visual representation and sends the data to SOINN for classification. Tests were carried out to evaluate its performance and to obtain its false positive and false negative rates and its accuracy rate, which is currently around 80%. Byte prevalence was also analysed: malware samples had a higher number of null bytes than software samples, which may be a result of hiding malicious data or functionality. The patterns created by the samples were examined; malware samples had more clustering and created different patterns across the images, whereas software samples presented mostly static and constant images, although exceptions were noted in both categories.
Publication Date
2018-07-01
Publication Title
The Plymouth Student Scientist
Volume
11
Issue
1
First Page
223
Last Page
237
ISSN
1754-2383
Deposit Date
May 2019
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Recommended Citation
Baptista, Irina (2018) "Binary visualisation for malware detection," The Plymouth Student Scientist: Vol. 11: Iss. 1, Article 7.
DOI: https://doi.org/10.24382/cmav-g842
Available at: https://pearl.plymouth.ac.uk/tpss/vol11/iss1/7