In recent years, there has been a rapid rise in the number of files submitted to anti-virus companies for analysis, so it has become very difficult to analyse the functionality of each file manually. Malware developers have been highly successful in evading signature-based detection techniques. Most of the prevailing static analysis techniques involve a tool to parse the file. The entire analysis process becomes dependent on the efficacy of the tool; if the tool crashes, the process is hampered. Most dynamic analysis techniques require the binary file to be run in a sandboxed environment to examine its behaviour. This can be easily thwarted by hiding the malicious activities of the file when it is run inside a virtual environment. In this thesis, we have explored a new technique to represent malware as images. We then used existing neural network techniques for image classification to train a classifier that assigns new malware files to their respective classes. By converting the file into an image representation, we have made our analysis process independent of any tool, and the process also becomes less time consuming. With our model, we have been able to get an accuracy of 98.21% in classifying malware samples.
Ajay Singh, 15111005