Method for Malware Detection and Classification using Image Processing Techniques
98% classification accuracy (matching state-of-the-art methods), but with improved performance: o Lower computational cost for malware analysis o Faster response to threats o Resilience to popular obfuscation techniques such as section encryption o Neither disassembly nor code execution needed for classification
Malware Detection Anti-Virus Software This technology is available for licensing.
Researchers at the University of California, Santa Barbara have developed SARVAM, a novel method for visualizing and classifying malware using image processing techniques, applicable to malware detection and anti-virus software. Initial experiments show that this technique has a classification accuracy of 98%, which is on par with the state of the art. However, this method avoids many of the drawbacks of current methods and thus exhibits improved performance. In particular, this technology has a lower computational cost for malware analysis, has a faster response to threats, is resilient to popular obfuscation techniques such as section encryption, and does not require disassembly or code execution for classification.
Other Information An online demo of SARVAM is available at this link: http://sarvam.ece.ucsb.edu/ Background Existing approaches for analyzing malware include static code analysis (which looks at the structure of the code) and dynamic code analysis (which runs the code in a virtual environment), both of which have specific strengths. However, static analysis suffers from code obfuscation due to the need to unpack and decrypt the code, while dynamic analysis may overlook malicious behavior due to an inadequate virtual environment. Both approaches are computationally heavy and time intensive. Additional Technologies by these Inventors Tech ID/UC Case 21993/2012-085-0 Related Cases 2012-085-0
USA
