malware analysis using visualized images and entropy
play

Malware analysis using visualized images and entropy graphs Kyoung - PowerPoint PPT Presentation

Feb 15, 2024 •6 likes •206 views

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim Boojoong Kang Eul Gyu Im Presented by Ruikai Zheng CISC850 Cyber Analytics 1.Introduction Malware variants developed using automated tools

  1. Malware analysis using visualized images and entropy graphs Kyoung Soo Han · Jae Hyun Lim · Boojoong Kang · Eul Gyu Im Presented by Ruikai Zheng CISC850 Cyber Analytics

  2. 1.Introduction Malware variants developed using automated tools • Automated tools reuse modules • Similarities may exist among malware variants •

  3. 2.General Idea

  4. 3. Bitmap Image

  5. Bitmap Image converter

  6. Some examples

  7. 4. Entropy graph

  8. Entropy graph generator For each line of bitmap image: (suppose the image is 256 * 256)

  9. 5. Compute similarities • Align the x-axes(the heights of bitmap images) of the two entropy graphs

  11. Compute similarities • Compute K 1 and K 2 – K 1

  12. Compute similarities • Compute K 1 and K 2 – K 2

  14. Compute similarities • Similarity value

  15. Experiment result

  16. Experiment result

  17. Experiment result • Threshold – False positive rate – False negative rate

  18. Limitation • Malware applied with packing technique – The entropy values of binaries can be very high – Packed malware binaries are difficult to classify

  19. Conclusion The paper proposed a malware visualization method that • using binary grayscale bitmap images and entropy graphs. The paper proposed a method to calculate similarities of • malware to classify malware families. Experimental results showed that proposed method can • classify malware families with a small false-positive/false - negative rate.

  20. Thank you

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang CISC850 Cyber Analy@cs CISC850

Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang CISC850 Cyber Analy@cs CISC850

Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang CISC850 Cyber Analy@cs CISC850 Cyber Analy@cs Overview malware visual analysis method convert binary files into images Reduce computa@on major block

805 views • 22 slides
Using Entropy Analysis to Find Encrypted and Packed Malware Paper written by Robert Lyda &

Using Entropy Analysis to Find Encrypted and Packed Malware Paper written by Robert Lyda &

Using Entropy Analysis to Find Encrypted and Packed Malware Paper written by Robert Lyda & James Hamrock Presented by Kevin Chu Keywords 2 Entropy - level of difficulty or the probability of independently predicting each number in a

189 views • 14 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
INPUTS We made MNIST images

INPUTS We made MNIST images

INPUTS We made MNIST images binary (white or black) and computed shannon entropy for Max Entropy each pixel Entropy is close to maximum (50% white) for most pixels in

434 views • 26 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) >= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

471 views • 21 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.28k views • 28 slides
Linear Algebra in File Compression: SVD and DCT By: Andrew Fraser How Are Images Stored?

Linear Algebra in File Compression: SVD and DCT By: Andrew Fraser How Are Images Stored?

Linear Algebra in File Compression: SVD and DCT By: Andrew Fraser How Are Images Stored? Images are generally stored and visualized through storing a 2D array of values, called Raster images, which are meant to correspond to the amount of

580 views • 25 slides
Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy The Maximum Entropy (MaxEnt) method is a methodology to assign or update probability distributions to describe systems which are not completely

202 views • 17 slides
CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu February 22, 2018 Exploring the Online Ecosystem One nice aspect of malware analysis is that, since much of it originates online and

119 views • 10 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem Alessandro

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem Alessandro

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem Alessandro Mantovani (EURECOM), Simone Aonzo (UniGe), Xabier Ugarte Pedrero (CISCO), Alessio Merlo (UniGe), Davide Balzarotti (EURECOM) 1 Packing 2 Scope / Packing

686 views • 24 slides
Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem Alessandro

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem Alessandro

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem Alessandro Mantovani (EURECOM), Simone Aonzo (UniGe), Xabier Ugarte Pedrero (CISCO), Alessio Merlo (UniGe), Davide Balzarotti (EURECOM) 1 Packing 2 Scope / Packing

256 views • 23 slides
www.complyadvantage.com AN INTRODUCTION TO COMPLYADVANTAGE Automated Screening at The worlds

www.complyadvantage.com AN INTRODUCTION TO COMPLYADVANTAGE Automated Screening at The worlds

www.complyadvantage.com AN INTRODUCTION TO COMPLYADVANTAGE Automated Screening at The worlds only dynamic, real-time 1 Policy Quote and/or Bind database of people/companies that pose financial crime risk Proactive Monitoring of Policy

1.15k views • 13 slides
Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

Revised Immunogenicity Guideline: Assays and methods- Presentation of the draft guideline and introduction of the topics for discussion Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

588 views • 17 slides
Near-Real-Time Air Monitoring for Chemical Warfare Agents in the Destruction of Chemical Munitions

Near-Real-Time Air Monitoring for Chemical Warfare Agents in the Destruction of Chemical Munitions

Near-Real-Time Air Monitoring for Chemical Warfare Agents in the Destruction of Chemical Munitions (at the Tooele Chemical Agent Destruction Facility, Deseret Chemical Depot, Utah) Dr. Gary D. Sides, Dr. George M. Lucier, and Mr. Randy Roten

511 views • 36 slides
Case Study: Active Vapor Mitigation System Design for a Complex Industrial Building Renovation

Case Study: Active Vapor Mitigation System Design for a Complex Industrial Building Renovation

Case Study: Active Vapor Mitigation System Design for a Complex Industrial Building Renovation Application of Multiple Active Depressurization Technologies (ADT) in the Renovation of a Historical Landmark Building 2nd Annual RE3 Conference

578 views • 30 slides
International For use outside the USA - these statements have not been evaluated by the FDA

International For use outside the USA - these statements have not been evaluated by the FDA

May 2020 2019 International For use outside the USA - these statements have not been evaluated by the FDA Biomerica COVID-19 May 2020 rev 1.pptx Who We Are We are an experienced manufacturer of FDA World Class Scientific Advisory Board

359 views • 14 slides
Joyce N. Malinga, JanKreuze, Maria Soto, March Ghislain, Simon Gichuki, Michela Akhwale,

Joyce N. Malinga, JanKreuze, Maria Soto, March Ghislain, Simon Gichuki, Michela Akhwale,

EVALUATION OF TRANSGENIC SWEETPOTATO ( Ipomoea batatas L. ) LINES AGAINST SWEETPOTATO VIRUS DISEASE(SPVD) COMPLEX Joyce N. Malinga, JanKreuze, Maria Soto, March Ghislain, Simon Gichuki, Michela Akhwale, Laura Karanj a, Alice Dok and Grace

364 views • 35 slides
GETTING FROM PROPOSAL TO PRESENTATION IN 72 HOURS Julie Marie Irvin President & Founder

GETTING FROM PROPOSAL TO PRESENTATION IN 72 HOURS Julie Marie Irvin President & Founder

Quick Start Interview Preparation: GETTING FROM PROPOSAL TO PRESENTATION IN 72 HOURS Julie Marie Irvin President & Founder Sign up for our monthly newsletter for more proposal and marketing tips! Grab your Text phones KEYSTONE to

721 views • 48 slides
Recording and Posting a Narrated PowerPoint Presentation Let me know if I can help! Zak

Recording and Posting a Narrated PowerPoint Presentation Let me know if I can help! Zak

Recording and Posting a Narrated PowerPoint Presentation Let me know if I can help! Zak Birchmeier canvas@stephens.edu 573-876-2392 1) Get a headset. Models that cost $40 are still good try Best Buy. (If you are local, GCS

279 views • 3 slides

More recommend