Malware binaries, when visualised as grey scale images, are very similar in layout and texture within a family. Because of this visual similarity, malware images can be classified using standard image features, and the resulting classification holds up against popular evasive techniques such as section encryption.
Old school methods of analysing malware involve extracting a binary signature from each sample. In contrast, other methods of analysing malware include static code analysis and dynamic code analysis. Both work in their own way: the static approach reverse engineers the binary and explores its control flow to look for malicious patterns, whereas the dynamic approach executes the code in a controlled environment and observes its behaviour. Each approach, however, has its own disadvantages.
CHARACTERIZATION
Static analysis gives complete coverage of the code, but it usually suffers from code obfuscation. Dynamic analysis, on the other hand, is effective and does not require unpacking or decryption, but it is time and resource consuming, which leads to scalability issues. This paper aims to be useful for characterising and analysing malware. Most classification techniques require disassembly or execution; our procedure requires neither, yet shows a significant improvement in performance. Our classification technique is valuable for anti-virus companies and security researchers, who receive hundreds of malware samples every day.
CLASSIFICATION
Malware belonging to the same family appears visually similar, while samples from different families appear visually distinct. It cannot be denied that the various malware families have distinct visual attributes. Classifying malware images involves three parts: the image texture, the feature vector, and the classifier. Image texture refers to the repeated patterns in an image, and the main goal of texture analysis is to identify the boundaries between regions of different texture. For the feature vector and classifier, several texture features have been proposed; one of the most common methods of texture analysis is analysing the frequency content of a texture block.
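As an added illustration (not code from the paper), the pipeline described above in miniature: raw bytes are reshaped into a grey scale image, a coarse per-block texture vector is computed, and a nearest-neighbour classifier assigns the sample to the family with the closest vector. The image width, the block size, the use of mean absolute neighbour difference as a stand-in for frequency content, and the family byte patterns are all constructed assumptions for this example.

```python
"""Byte-to-grey-scale visualisation with a tiny texture-based classifier (example only)."""
import math


def bytes_to_image(data: bytes, width: int = 16) -> list[list[int]]:
    """Reshape raw bytes into rows of `width` pixels; each byte is one grey value (0-255).
    The last row is zero-padded (padding rule is an assumption of this example)."""
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    if rows and len(rows[-1]) < width:
        rows[-1] += [0] * (width - len(rows[-1]))
    return rows


def texture_vector(img: list[list[int]], block: int = 4) -> list[float]:
    """Per non-overlapping block x block tile: (mean intensity, mean absolute horizontal
    neighbour difference). The second value is a crude proxy for high-frequency content,
    standing in for a real frequency-domain texture descriptor (simplification)."""
    h, w = len(img), len(img[0])
    vec: list[float] = []
    for by in range(0, h - h % block, block):
        for bx in range(0, w - w % block, block):
            vals, diffs = [], []
            for y in range(by, by + block):
                for x in range(bx, bx + block):
                    vals.append(img[y][x])
                    if x + 1 < bx + block:
                        diffs.append(abs(img[y][x] - img[y][x + 1]))
            vec.append(sum(vals) / len(vals))
            vec.append(sum(diffs) / len(diffs))
    return vec


def euclid(a: list[float], b: list[float]) -> float:
    """Euclidean distance between two equal-length feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def classify(sample: bytes, prototypes: dict[str, bytes], width: int = 16) -> str:
    """1-nearest-neighbour over texture vectors of one labelled prototype per family."""
    v = texture_vector(bytes_to_image(sample, width))
    return min(prototypes,
               key=lambda fam: euclid(v, texture_vector(bytes_to_image(prototypes[fam], width))))


# Constructed 64-byte "families": one with a high-frequency byte pattern, one with a smooth ramp.
FAMILY_A = bytes([0x00, 0xFF] * 32)
FAMILY_B = bytes(range(64))
PROTOTYPES = {"family_a": FAMILY_A, "family_b": FAMILY_B}
UNKNOWN = bytes([0x10, 0xF0] * 32)  # constructed: same texture as family_a, different levels

if __name__ == "__main__":
    print(classify(UNKNOWN, PROTOTYPES))  # family_a
```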
LIMITATIONS
The technique discussed above is based on global image features, and the image-processing approach to malware analysis is itself a broad one. To deal with more dangerous malware we will explore more localised feature-extraction strategies that take into account the specific characteristics of malware binaries and their underlying binary sections. Another area for future work is clustering malware using image-based features.
CONCLUSION
This paper presents a novel approach to malware analysis based on visualising and processing malware as images. Malware binaries are visualised as grey scale images, and image features are used to characterise the malware. To analyse malware with modern techniques and open new horizons for users, it is necessary to use computer vision techniques. As discussed above, we took a completely different and modern approach to characterising and analysing malware, and it has become necessary to visualise and classify malware using malware images. We conclude that malware images can be identified without either code execution or disassembly. We have also shown that traditional approaches to analysing malware involve extracting binary signatures from samples and accumulating their fingerprints, and that, because of the rapid growth of malware, static code analysis and dynamic code analysis are also required.