Microsoft and Intel have found a novel way to detect computer viruses: training an antivirus program to “see” indications of malicious activity in computer code.
First, the malware’s code is converted into 2D images that can reveal visual patterns in the code. An AI-powered program can then scrutinize the images and look for features suggesting malicious behavior.
In a blog post, Microsoft wrote that if malware binaries are plotted as grayscale images, then the textural and structural patterns can be used to efficiently categorize binaries as either benign or malicious, as well as put malicious binaries into particular threat families.
To do this, the companies transform the malware’s code into a one-dimensional stream of pixels. Every byte in the malware’s code is mapped to a pixel of a corresponding intensity.
The pixel streams are then reshaped into 2D images, with the malware’s file size after the conversion determining the width and height. This helped the Microsoft-Intel antivirus program detect the malware’s features and learn to recognize them.
The approach shows promising results. When tested on actual malware samples, the antivirus program attained 99.07 percent precision with a false-positive rate of 2.87 percent.
The companies introduced STAMINA to address shortcomings in current antivirus scanning technology. Detection approaches can also include breaking part of a malware sample down into metadata to look for traces of harmful activity. However, hackers are constantly finding new ways to disguise malicious activity, which makes computer virus detection difficult.
STAMINA could add a new approach to finding malware. This joint research is a good start for more such combined efforts. For instance, the researchers propose to collaborate further on platform acceleration optimizations that would allow deep learning models to be deployed on client machines with only a slight effect on performance.
However, the company notes that the approach has a significant limitation: it struggles with large files. Transforming them into a 2D image would require billions of pixels, which makes the detection process less practical if the malware is packed into a large program.
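The byte-to-pixel conversion and the large-file limitation described above, sketched in Python as an added example (not Microsoft's or Intel's code). The width table, the pixel budget and the zero-padding of the last row are assumptions; the article only says that file size sets the width and height.

```python
"""Added illustration: render a file's bytes as a grayscale image (binary PGM)."""
import math

# Assumed width table (size limit in bytes -> image width in pixels).
# The article only says file size sets width and height; these thresholds
# are constructed for illustration.
WIDTH_TABLE = [(10_240, 32), (30_720, 64), (61_440, 128), (102_400, 256),
               (204_800, 384), (512_000, 512), (1_024_000, 768)]
MAX_WIDTH = 1024
MAX_PIXELS = 16_000_000  # assumed budget; larger inputs are refused


def image_shape(n_bytes):
    """Return (width, height) for a byte stream of length n_bytes."""
    if n_bytes <= 0:
        raise ValueError("empty input")
    width = next((w for limit, w in WIDTH_TABLE if n_bytes < limit), MAX_WIDTH)
    height = math.ceil(n_bytes / width)
    if width * height > MAX_PIXELS:
        raise ValueError(f"{n_bytes} bytes needs {width * height} pixels")
    return width, height


def bytes_to_pixels(data):
    """Map each byte to one pixel (0 = black, 255 = white), row by row.

    The final row is zero-padded so the image is rectangular.
    """
    width, height = image_shape(len(data))
    padded = data + bytes(width * height - len(data))
    return [padded[r * width:(r + 1) * width] for r in range(height)]


def to_pgm(rows):
    """Serialize pixel rows as a binary PGM (P5) grayscale image."""
    header = f"P5\n{len(rows[0])} {len(rows)}\n255\n".encode("ascii")
    return header + b"".join(rows)


if __name__ == "__main__":
    # Constructed sample input standing in for a binary: a header-like
    # run, a block of repeated bytes, and a ramp of increasing values.
    sample = b"MZ" + bytes(62) + b"\xcc" * 96 + bytes(range(256)) * 2
    rows = bytes_to_pixels(sample)
    with open("sample.pgm", "wb") as fh:
        fh.write(to_pgm(rows))
    print(f"{len(sample)} bytes -> {len(rows[0])}x{len(rows)} image")
```

The resulting `sample.pgm` opens in most image viewers; runs of identical bytes show up as flat bands and the ramp as a gradient, which is the kind of texture an image classifier would work from.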