Han Solo

Jul 27, 2021

Artificial Intelligence (AI) Analysis Technology of Malicious Code (Image-based analysis)

This time, I would like to introduce a technology based on Artificial Intelligence (AI) that analyzes malicious code.

I think there are various ways to incorporate AI into malicious code analysis. Among them, I will explain image-based analysis: how to turn a file into an image and then analyze that image. Be advised that some of the terminology used in explaining the technology might be a bit hard to understand.

I think the most advanced area in the artificial intelligence field is vision analysis. Vision-related technologies have continued to develop and advance during the pandemic, such as facial recognition using thermal imaging (it is said that machines are better at recognizing faces than humans), charging parking fees by reading a car's license plate, and controlling entry through fingerprint recognition.

These capabilities can be integrated into malicious code analysis so that malicious code can be recognized through image analysis. The picture below shows the process of analyzing malware by vectorizing it in two dimensions, i.e. imaging.

Isn't it amazing and surprising that a file can be classified as normal or malicious, as in the image below?

This application uses the latest technology, CNN-based deep learning, and has the following advantages.

This image-based analysis of malicious code is a static analysis method: it determines whether a file is malicious without executing the file. Next time, I will introduce a dynamic analysis method, which actually executes a file to determine whether it is malicious.
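
The imaging step described earlier (vectorizing a file in two dimensions without executing it) can be sketched as follows; this is an added example, not code from the original post or from any product it describes. The row width, the fixed output size, the nearest-neighbour resize and all function names are assumptions chosen for illustration, and the sample bytes are constructed.

```python
import math

def bytes_to_image(data: bytes, width: int = 256) -> list[bytes]:
    """Map each byte of the file to one grayscale pixel (0-255), row by row."""
    if width <= 0:
        raise ValueError("width must be positive")
    if not data:
        raise ValueError("empty input")
    height = math.ceil(len(data) / width)
    padded = data.ljust(height * width, b"\x00")  # zero-pad the last row
    return [padded[r * width:(r + 1) * width] for r in range(height)]

def resize_nearest(rows: list[bytes], size: int = 64) -> list[bytes]:
    """Nearest-neighbour resize to size x size so that files of any length
    give a CNN the same input shape (assumed preprocessing step)."""
    h, w = len(rows), len(rows[0])
    return [bytes(rows[y * h // size][x * w // size] for x in range(size))
            for y in range(size)]

def to_pgm(rows: list[bytes]) -> bytes:
    """Serialise as binary PGM (P5) so the picture can be viewed without extra libraries."""
    header = f"P5\n{len(rows[0])} {len(rows)}\n255\n".encode("ascii")
    return header + b"".join(rows)

# Constructed sample input: a fake two-byte header, a zero-filled region,
# a repeating byte ramp and a run of 0xFF. It is not a real executable.
SAMPLE = b"MZ" + bytes(62) + bytes(range(256)) * 4 + b"\xff" * 100

if __name__ == "__main__":
    img = bytes_to_image(SAMPLE, width=64)   # the file is only read, never run
    fixed = resize_nearest(img, size=32)
    with open("sample.pgm", "wb") as fh:
        fh.write(to_pgm(fixed))
    print(len(img), "rows of", len(img[0]), "pixels ->", len(fixed), "x", len(fixed[0]))
```

Regions with different content (zero padding, structured data, high-value runs) show up as visibly different textures in the resulting picture, which is the kind of pattern a CNN classifier is trained on.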