Orthogonal Approach to Malware Detection and Classification

Today's commercial Antivirus defense mechanisms are based on scanning systems for suspicious activity. If such an activity is found, the suspect files are either quarantined or the vulnerable system is patched with an update. In turn, the Antivirus software are also updated with new signatures to identify such activities in future. Such scanning methods are based on a variety of techniques such as static analysis, dynamic analysis and other heuristics based techniques, which are often slow to react to new attacks and threats. This Phase II project aims at developing orthogonal approaches based on signal/image processing and pattern recognition. Building upon the Phase I findings, we we will develop MALSEE, a tool to detect malware with high accuracy and precision, Next we will develop an engine that integrates signal/image based malware techniques with standard security methods and provide insights both from a signal/image and security point of view. Since our methodologies are agnostic of the operating systems and platforms, we will extend our developed methods to handle malware belonging to different platforms. Finally we will focus on mapping millions of malware to points in 2D/3D space using signal/image similarity descriptors and security descriptors, for detection and visualization.