Efficient Malware Analysis Using Subspace-Based Methods on Representative Image Patterns

In this paper, we propose a new framework for classifying and visualizing malware files using subspace-based methods. The rise of advanced malware poses a significant threat to internet security, increasing the pressure on traditional cybersecurity measures which may no longer be adequate. As signat...


Bibliographic Details
Main Authors: Djafer Yahia M Benchadi, Bojan Batalo, Kazuhiro Fukui
Format: Article
Language: English
Published: IEEE 2023-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/10244023/
collection DOAJ
description In this paper, we propose a new framework for classifying and visualizing malware files using subspace-based methods. The rise of advanced malware poses a significant threat to internet security, increasing the pressure on traditional cybersecurity measures which may no longer be adequate. As signature-based detection is limited to known threats, sophisticated methods are needed to detect and classify emerging malware that can bypass traditional antivirus software. Using representative image patterns to analyze malware features can provide a more detailed and precise approach by revealing detailed patterns that may be missed otherwise. In our framework, we rely on subspace representation of malware image patterns; a set of malware files belonging to the same class is compactly represented by a low-dimensional subspace in high dimensional vector space. Then, we use Subspace method (SM) and its kernel extension Kernel Subspace method (KSM) to classify a malware file by measuring the angle between the corresponding input vector and each class subspace. Further, we propose a visualization framework based on subspace representation and occlusion sensitivity analysis which enables detection of critical malware features. These visualizations can be used in conjunction with the proposed classification method to aid in interpretation of results and can lead to better understanding of malicious threats. We evaluate our methods on Malimg and Dumpware datasets and demonstrate the advantage of our methods over previous single-image verification methods that are vulnerable to varying conditions. With 98.07% and 97.21% accuracy, our algorithm outperforms other state-of-the-art techniques.
id doaj.art-4c0c1b10659f4e87ade38c0beff7996d
institution Directory Open Access Journal
issn 2169-3536
spelling doaj.art-4c0c1b10659f4e87ade38c0beff7996d, 2024-01-19T00:00:25Z, eng
IEEE, IEEE Access, ISSN 2169-3536, 2023-01-01, vol. 11, pp. 102492-102507, doi 10.1109/ACCESS.2023.3313409, document 10244023
Djafer Yahia M Benchadi (https://orcid.org/0000-0002-6839-5104), Degree Programs in Systems and Information Engineering, University of Tsukuba, Ibaraki, Tsukuba, Japan
Bojan Batalo (https://orcid.org/0000-0002-3671-0050), National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Koto-ku, Japan
Kazuhiro Fukui (https://orcid.org/0000-0002-4201-1096), Institute of Systems and Information Engineering, University of Tsukuba, Ibaraki, Tsukuba, Japan
topic Malware
malware image
subspace method
kernel subspace method
occlusion sensitivity analysis