To date, a large number of research papers have been written on malware identification, classification into different families, and the distinction between malware and goodware. These works have been based on captured malware samples and have attempted to analyse malware and goodware using various techniques, including techniques from the field of artificial intelligence. For example, neural networks have played a significant role in these classification methods. Some of this work also deals with analysing malware through visualisation. These works usually convert malware samples, capturing the structure of the malware, into image structures, which are then the object of image processing. In this paper, we propose a very unconventional and novel approach to malware visualisation based on dynamic behaviour analysis, with the idea that the images, which are visually very interesting, are then used to classify malware with respect to goodware. Our approach opens an extensive topic for future discussion and provides many new directions for research in malware analysis and classification, as discussed in the conclusion. The results of the presented experiments are based on a database of 6 589 997 goodware, 827 853 potentially unwanted applications and 4 174 203 malware samples provided by ESET. Selected experimental data (images, generating polynomial formulas and the software that generates the images) are available on GitHub for interested readers. Thus, this paper is not a comprehensive compact study that reports the results obtained from comparative experiments but rather attempts to show a new direction in the field of visualisation with possible applications in malware analysis.