Two of the biggest names in the tech industry are collaborating on a new research project that will explore a new approach to detecting and classifying malware.
Microsoft and Intel call the project STAMINA (Static Malware-as-Image Network Analysis). It's a system that converts samples of malware into grayscale images and then scans the image for structural and textural patterns specific to malware samples.
STAMINA is part of Microsoft's recent efforts to improve its capability to detect malware by employing machine learning techniques. It uses deep learning, which is a subset of machine learning (ML), a branch of artificial intelligence (AI). The approach converts the binary form of an input file into a simple stream of pixels and turns that into a picture with dimensions that vary depending on aspects like file size.
For the first part of the collaboration, the researchers built on Intel's prior work on deep transfer learning for static malware classification and used a real-world dataset from Microsoft to ascertain the practical value of approaching the malware classification problem as a computer vision task.
According to Microsoft, STAMINA works fast and accurately when working with smaller files. The company will have to improve how it works with larger files, however.
"For bigger size applications, STAMINA becomes less effective due to limitations in converting billions of pixels into JPEG images and then resizing them," Microsoft said in a blog post last week.
Tanmay Ganacharya, Director for Security Research of Microsoft Threat Protection in an interview earlier in May said that the company is now more reliant on machine learning for detecting malicious threats. STAMINA uses a different machine learning module that is being distributed to Microsoft servers or customer systems.
Ganacharya added that Microsoft now uses cloud-side machine learning model engines, machine learning model engines, and machine learning modules for capturing sequences of behavior or capturing the content of the file itself.
The reported results of STAMINA have the potential to become one of those machine learning modules that Microsoft will soon use as a way to detect and get rid of malware.
Microsoft will have no trouble making this approach work because its Windows Defender installs more than enough to gather a huge amount of data, more than any other companies out there.
Microsoft and Intel developed STAMINA to address drawbacks in today's antivirus scanning technology. The detection approaches can also involve disassembling a piece of malware into metadata to find trace signs of dangerous behavior.
