malware analysis using visualized image matrices
play

Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang - PowerPoint PPT Presentation

Jan 21, 2024 •573 likes •805 views

Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang CISC850 Cyber Analy@cs CISC850 Cyber Analy@cs Overview malware visual analysis method convert binary files into images Reduce computa@on major block

  1. Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang CISC850 Cyber Analy@cs

  2. CISC850 Cyber Analy@cs Overview • malware visual analysis method – convert binary files into images • Reduce computa@on – major block – similarity calcula@on method between these images

  3. Method Overview

  4. Extract opcode sequences from binary 1. 2. 3. 1.

  5. Repe@@on Filtering

  6. Extract opcode sequences from binary 1. 2. 3. 1.

  7. Major Block Selec@on • Not all of the basic blocks (file header, meaning less blocks) • Target suspicious behavior • Blocks include “CALL” instruc@on

  8. Major Block Selec@on

  9. Extract opcode sequences from binary 1. 2. 3. 1.

  10. Parsing Opcode Sequence • First three characters of opcode – 41.4% of opcodes have3 characters – Meaning is maintained – Eg. PUSH -> PUS; CALL -> CAL; OR? • These three-character opcodes are concatenated together

  11. Parsing Opcode Sequence

  12. Generate Image Matrix • Use hash func@on ( SimHash ) to decide X-Y coordinate and RGB colors of the pixels • Length and width of matrix are 2 n (8) • If hash in same X-Y coordinate, simply sum the RGB colors value

  13. Generate Image Matrix

  14. Choose Representa@ve Image Matrix

  15. Similarity Calcula@on Using Image Matrix • Faster performance than opcode string comparison • Finding pairs in string: O(n 2 ) • Simhash and calculate similarity in image: O(n)

  16. Similarity Calcula@on Using Image Matrix

  17. Similarity Calcula@on Using Image Matrix • vector angular-based distance measurement algorithm – Pixels are viewed as 3D vector

  18. Similarity Calcula@on Using Image Matrix

  19. Experiment: Major Blocks Selec@on?

  20. Experiment: Major Blocks Selec@on?

  21. Experiment: Feasibility

  22. Experiment: Feasibility • Similarity of sample malwares from same family: 0.19 ~ 0.36 • Similarity of sample malwares from different family: < 0.05 • Classifica@on accuracy = 0.9896

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim Boojoong Kang Eul Gyu Im Presented by Ruikai Zheng CISC850 Cyber Analytics 1.Introduction Malware variants developed using automated tools

206 views • 20 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Image Processing Todays Class Image Representations: Matrices Image Representations: RGB,

Image Processing Todays Class Image Representations: Matrices Image Representations: RGB,

CS6501: Deep Learning for Visual Recognition Image Processing Todays Class Image Representations: Matrices Image Representations: RGB, HSV, etc Image Processing: Brightness Image Filtering: Mean Filter, Median Filter Image Filtering:

959 views • 77 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.28k views • 28 slides
CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu February 22, 2018 Exploring the Online Ecosystem One nice aspect of malware analysis is that, since much of it originates online and

119 views • 10 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me Malware RE @ Trusteer, IBM, Seculert binary analysis automation sandbox development Now in vEYE Security on software container

591 views • 48 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev Stuxnet (2009) Organization Core a large .dll file 2 encrypted configuration files Dropper component Core in a stub section

703 views • 43 slides
T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide

T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide

T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide Balzarotti ACSAC, Orlando, Florida, 3-7 December 2012 Malware Analysis Scenario Analysis based on Sandboxes (API Hooking, Emulation)

798 views • 23 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
MBS FileMaker Plugin Christian Schmitz Monkeybread Software MBS FileMaker Plugin 4900 functions

MBS FileMaker Plugin Christian Schmitz Monkeybread Software MBS FileMaker Plugin 4900 functions

MBS FileMaker Plugin Christian Schmitz Monkeybread Software MBS FileMaker Plugin 4900 functions 648 new functions in 2015 852 new functions in 2016 635 new functions in 2017 already 500 example databases. MBS FileMaker Plugin One Plugin

934 views • 67 slides
Git: A Guide for Economists Frank Pinter 22 February 2019 1 / 32 Outline The importance of

Git: A Guide for Economists Frank Pinter 22 February 2019 1 / 32 Outline The importance of

Git: A Guide for Economists Frank Pinter 22 February 2019 1 / 32 Outline The importance of version control Getting started on a project Using Git Using Git for collaboration 2 / 32 What is version control? Version control is a way to keep

597 views • 32 slides
Final Advisor Mr. Harker Presentation May15-03 Agenda System Technical Project Problem

Final Advisor Mr. Harker Presentation May15-03 Agenda System Technical Project Problem

Team (May 15-03) Shawn LaGrotta lagrotta@iastate.edu Matt Eckes mweckes@iastate.edu Jacob Mayer jdmayer@iastate.edu Trevor Boone tdboone@iastate.edu Jacob Schulz jschulz@iastate.edu Client HGST Final Advisor Mr. Harker Presentation

572 views • 40 slides
About me Operations Engineer - DevOps BS, MS, and CAS in Telecommunications

About me Operations Engineer - DevOps BS, MS, and CAS in Telecommunications

Analyzing large flow data sets using modern open-source data search and visualization tools FloCon 2014 Max Putas About me Operations Engineer - DevOps BS, MS, and CAS in Telecommunications Work/research interests System

614 views • 22 slides
Examining Self- Modifying Code Drew Ivarson, Union College CS Department Advisors: Prof.

Examining Self- Modifying Code Drew Ivarson, Union College CS Department Advisors: Prof.

Examining Self- Modifying Code Drew Ivarson, Union College CS Department Advisors: Prof. Anderson, Prof. Spinelli Overview Background Motivation My contributions Examining Self-Modifying Code What code am I talking about?

593 views • 27 slides
CDF Data production model CDF Data production model S. Hou S. Hou for the CDF data production

CDF Data production model CDF Data production model S. Hou S. Hou for the CDF data production

CDF Data production model CDF Data production model S. Hou S. Hou for the CDF data production team for the CDF data production team 02 May 2006 02 May 2006 CDF data production model 2 Outline Outline Data streams - trigger, streaming,

758 views • 31 slides
Mayors Office of Economic Development FY 21 Budget Hearing John Barros, Chief May 12, 2020

Mayors Office of Economic Development FY 21 Budget Hearing John Barros, Chief May 12, 2020

Mayors Office of Economic Development FY 21 Budget Hearing John Barros, Chief May 12, 2020 Office of Economic Development Panel John Barros, Chief of Economic Development Celina Barrios-Millner, Director of Equity and Inclusion

471 views • 31 slides
Combating Malware in the age of APT SANS Digital Forensic and Incident Response Summit July 2010

Combating Malware in the age of APT SANS Digital Forensic and Incident Response Summit July 2010

Combating Malware in the age of APT SANS Digital Forensic and Incident Response Summit July 2010 Jason Garman CTO, Kyrus Technology New directions for malware Malicious code used in APT attacks are usually: Not sexy the

409 views • 24 slides

More recommend