Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
malware analysis using visualized images and entropy

Malware analysis using visualized images and entropy graphs Kyoung - PowerPoint PPT Presentation

Feb 15, 2024 •6 likes •209 views

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim Boojoong Kang Eul Gyu Im Presented by Ruikai Zheng CISC850 Cyber Analytics 1.Introduction Malware variants developed using automated tools

  1. Malware analysis using visualized images and entropy graphs Kyoung Soo Han · Jae Hyun Lim · Boojoong Kang · Eul Gyu Im Presented by Ruikai Zheng CISC850 Cyber Analytics

  2. 1.Introduction Malware variants developed using automated tools • Automated tools reuse modules • Similarities may exist among malware variants •

  3. 2.General Idea

  4. 3. Bitmap Image

  5. Bitmap Image converter

  6. Some examples

  7. 4. Entropy graph

  8. Entropy graph generator For each line of bitmap image: (suppose the image is 256 * 256)

  9. 5. Compute similarities • Align the x-axes(the heights of bitmap images) of the two entropy graphs

  11. Compute similarities • Compute K 1 and K 2 – K 1

  12. Compute similarities • Compute K 1 and K 2 – K 2

  14. Compute similarities • Similarity value

  15. Experiment result

  16. Experiment result

  17. Experiment result • Threshold – False positive rate – False negative rate

  18. Limitation • Malware applied with packing technique – The entropy values of binaries can be very high – Packed malware binaries are difficult to classify

  19. Conclusion The paper proposed a malware visualization method that • using binary grayscale bitmap images and entropy graphs. The paper proposed a method to calculate similarities of • malware to classify malware families. Experimental results showed that proposed method can • classify malware families with a small false-positive/false - negative rate.

  20. Thank you

Recommend

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) >= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

475 views • 21 slides
Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Entropy Entropy Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1 Entropy Entropy and Information Joint Entropy Frank Keller Conditional Entropy School of Informatics University of Edinburgh

82 views • 4 slides
Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang CISC850 Cyber Analy@cs CISC850

Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang CISC850 Cyber Analy@cs CISC850

Malware Analysis Using Visualized Image Matrices Tzu-Ming Huang CISC850 Cyber Analy@cs CISC850 Cyber Analy@cs Overview malware visual analysis method convert binary files into images Reduce computa@on major block

809 views • 22 slides
Malware Obfuscation Techniques: Packing November 18, 2014 Malware and packing Not packed (20%)

Malware Obfuscation Techniques: Packing November 18, 2014 Malware and packing Not packed (20%)

Malware Obfuscation Techniques: Packing November 18, 2014 Malware and packing Not packed (20%) 80% of new malware are packed with various packers Malware Obfuscation Techniques: Packing 2 Malware and packing Not packed (20%) 80%

991 views • 51 slides
Linux malware presentation @r00tbsd Paul Rascagnres Malware.lu July 2013 @r00tbsd

Linux malware presentation @r00tbsd Paul Rascagnres Malware.lu July 2013 @r00tbsd

Linux malware presentation Linux malware presentation @r00tbsd Paul Rascagnres Malware.lu July 2013 @r00tbsd Paul Rascagnres from Malware.lu Linux malware presentation Plan - Presentation - Darkleech/Chapro - Cdorked - Wirenet

430 views • 31 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

401 views • 27 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

511 views • 27 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

826 views • 44 slides
Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute of Communication Engineering National Taipei University Chapter Outline Chap. 2 Entropy, Relative Entropy, and Mutual Information 2.1 Entropy 2.2

755 views • 51 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

406 views • 10 slides
1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less

1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less

Introduction to Information Retrieval Entropy: a basic introduction 1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less compressible High entropy = high randomness/low compressibility Low entropy =

241 views • 19 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

548 views • 42 slides
On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware Detection The number of new malware exceeds 75 million by the end of 2011, and is still increasing. The number of malware that produced

1.34k views • 91 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

574 views • 22 slides
Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

DeepSec IDSC Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware Adventures Agenda INTRODUCTION ANDROID MALWARE COMMAND & CONTROL QUESTIONS & ANSWERS 2 1 2 3 4 Android Malware

1.01k views • 64 slides
www.complyadvantage.com AN INTRODUCTION TO COMPLYADVANTAGE Automated Screening at The worlds

www.complyadvantage.com AN INTRODUCTION TO COMPLYADVANTAGE Automated Screening at The worlds

www.complyadvantage.com AN INTRODUCTION TO COMPLYADVANTAGE Automated Screening at The worlds only dynamic, real-time 1 Policy Quote and/or Bind database of people/companies that pose financial crime risk Proactive Monitoring of Policy

1.16k views • 13 slides
Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

Revised Immunogenicity Guideline: Assays and methods- Presentation of the draft guideline and introduction of the topics for discussion Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

588 views • 17 slides
Near-Real-Time Air Monitoring for Chemical Warfare Agents in the Destruction of Chemical Munitions

Near-Real-Time Air Monitoring for Chemical Warfare Agents in the Destruction of Chemical Munitions

Near-Real-Time Air Monitoring for Chemical Warfare Agents in the Destruction of Chemical Munitions (at the Tooele Chemical Agent Destruction Facility, Deseret Chemical Depot, Utah) Dr. Gary D. Sides, Dr. George M. Lucier, and Mr. Randy Roten

514 views • 36 slides
Case Study: Active Vapor Mitigation System Design for a Complex Industrial Building Renovation

Case Study: Active Vapor Mitigation System Design for a Complex Industrial Building Renovation

Case Study: Active Vapor Mitigation System Design for a Complex Industrial Building Renovation Application of Multiple Active Depressurization Technologies (ADT) in the Renovation of a Historical Landmark Building 2nd Annual RE3 Conference

583 views • 30 slides
International For use outside the USA - these statements have not been evaluated by the FDA

International For use outside the USA - these statements have not been evaluated by the FDA

May 2020 2019 International For use outside the USA - these statements have not been evaluated by the FDA Biomerica COVID-19 May 2020 rev 1.pptx Who We Are We are an experienced manufacturer of FDA World Class Scientific Advisory Board

363 views • 14 slides
Joyce N. Malinga, JanKreuze, Maria Soto, March Ghislain, Simon Gichuki, Michela Akhwale,

Joyce N. Malinga, JanKreuze, Maria Soto, March Ghislain, Simon Gichuki, Michela Akhwale,

EVALUATION OF TRANSGENIC SWEETPOTATO ( Ipomoea batatas L. ) LINES AGAINST SWEETPOTATO VIRUS DISEASE(SPVD) COMPLEX Joyce N. Malinga, JanKreuze, Maria Soto, March Ghislain, Simon Gichuki, Michela Akhwale, Laura Karanj a, Alice Dok and Grace

365 views • 35 slides
GETTING FROM PROPOSAL TO PRESENTATION IN 72 HOURS Julie Marie Irvin President & Founder

GETTING FROM PROPOSAL TO PRESENTATION IN 72 HOURS Julie Marie Irvin President & Founder

Quick Start Interview Preparation: GETTING FROM PROPOSAL TO PRESENTATION IN 72 HOURS Julie Marie Irvin President & Founder Sign up for our monthly newsletter for more proposal and marketing tips! Grab your Text phones KEYSTONE to

726 views • 48 slides
Recording and Posting a Narrated PowerPoint Presentation Let me know if I can help! Zak

Recording and Posting a Narrated PowerPoint Presentation Let me know if I can help! Zak

Recording and Posting a Narrated PowerPoint Presentation Let me know if I can help! Zak Birchmeier canvas@stephens.edu 573-876-2392 1) Get a headset. Models that cost $40 are still good try Best Buy. (If you are local, GCS

280 views • 3 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.