13 research outputs found
Malware Detection Using Frequency Domain-Based Image Visualization and Deep Learning
We propose a novel method to detect and visualize malware through image classification. The executable binaries are represented as grayscale images obtained from the count of N-grams (N=2) of bytes in the Discrete Cosine Transform (DCT) domain and a neural network is trained for malware detection. A shallow neural network is trained for classification, and its accuracy is compared with deep-network architectures such as ResNet that are trained using transfer learning. Neither dis-assembly nor behavioral analysis of malware is required for these methods. Motivated by the visual similarity of these images for different malware families, we compare our deep neural network models with standard image features like GIST descriptors to evaluate the performance. A joint feature measure is proposed to combine different features using error analysis to get an accurate ensemble model for improved classification performance. A new dataset called MaleX which contains around 1 million malware and benign Windows executable samples is created for large-scale malware detection and classification experiments. Experimental results are quite promising with 96% binary classification accuracy on MaleX. The proposed model is also able to generalize well on larger unseen malware samples and the results compare favorably with state-of-the-art static analysis-based malware detection algorithms
MalGrid: Visualization Of Binary Features In Large Malware Corpora
The number of malware is constantly on the rise. Though most new malware are
modifications of existing ones, their sheer number is quite overwhelming. In
this paper, we present a novel system to visualize and map millions of malware
to points in a 2-dimensional (2D) spatial grid. This enables visualizing
relationships within large malware datasets that can be used to develop triage
solutions to screen different malware rapidly and provide situational
awareness. Our approach links two visualizations within an interactive display.
Our first view is a spatial point-based visualization of similarity among the
samples based on a reduced dimensional projection of binary feature
representations of malware. Our second spatial grid-based view provides a
better insight into similarities and differences between selected malware
samples in terms of the binary-based visual representations they share. We also
provide a case study where the effect of packing on the malware data is
correlated with the complexity of the packing algorithm.Comment: Submitted version - MILCOM 2022 IEEE Military Communications
Conference. The high-quality images in this paper can be found on Github
(https://github.com/Mayachitra-Inc/MalGrid
Resampling Forgery Detection Using Deep Learning and A-Contrario Analysis
The amount of digital imagery recorded has recently grown exponentially, and
with the advancement of software, such as Photoshop or Gimp, it has become
easier to manipulate images. However, most images on the internet have not been
manipulated and any automated manipulation detection algorithm must carefully
control the false alarm rate. In this paper we discuss a method to
automatically detect local resampling using deep learning while controlling the
false alarm rate using a-contrario analysis. The automated procedure consists
of three primary steps. First, resampling features are calculated for image
blocks. A deep learning classifier is then used to generate a heatmap that
indicates if the image block has been resampled. We expect some of these blocks
to be falsely identified as resampled. We use a-contrario hypothesis testing to
both identify if the patterns of the manipulated blocks indicate if the image
has been tampered with and to localize the manipulation. We demonstrate that
this strategy is effective in indicating if an image has been manipulated and
localizing the manipulations.Comment: arXiv admin note: text overlap with arXiv:1802.0315
Boosting Image Forgery Detection using Resampling Features and Copy-move analysis
Realistic image forgeries involve a combination of splicing, resampling,
cloning, region removal and other methods. While resampling detection
algorithms are effective in detecting splicing and resampling, copy-move
detection algorithms excel in detecting cloning and region removal. In this
paper, we combine these complementary approaches in a way that boosts the
overall accuracy of image manipulation detection. We use the copy-move
detection method as a pre-filtering step and pass those images that are
classified as untampered to a deep learning based resampling detection
framework. Experimental results on various datasets including the 2017 NIST
Nimble Challenge Evaluation dataset comprising nearly 10,000 pristine and
tampered images shows that there is a consistent increase of 8%-10% in
detection rates, when copy-move algorithm is combined with different resampling
detection algorithms
Recommended from our members
Resampling Forgery Detection Using Deep Learning and A-Contrario Analysis.
Recommended from our members
Detection and Localization of Image Forgeries using Resampling Features and Deep Learning
Resampling is an important signature of manipulated images. In this paper, we
propose two methods to detect and localize image manipulations based on a
combination of resampling features and deep learning. In the first method, the
Radon transform of resampling features are computed on overlapping image
patches. Deep learning classifiers and a Gaussian conditional random field
model are then used to create a heatmap. Tampered regions are located using a
Random Walker segmentation method. In the second method, resampling features
computed on overlapping image patches are passed through a Long short-term
memory (LSTM) based network for classification and localization. We compare the
performance of detection/localization of both these methods. Our experimental
results show that both techniques are effective in detecting and localizing
digital image forgeries