Visual malware detection using local malicious pattern

In recent years, malware authors have had significant developments in offering new generations of malware and have tried to use different methods to make malware detection hard, so detecting malware has become one of the most important challenges for the security of computer systems. These developments have made detection of malware using conventional methods rather difficult and in many cases impossible. Thus, inventing new methods for detecting malware is critical. In this paper, a new method is proposed to detect unknown malware based on micro-patterns within the executable files. In the proposed method, for extracting required micro-patterns, one of the well-known methods in machine vision field is used. The proposed method works as follows: first executable files are converted into digital images; second, these images are used to extract visual features of the executable files; finally, machine learning methods are used to detect malware. The main idea of the proposed method is based on differences in the behavior and functionality of malware and benign files, where different behavior results in different micro-patterns which can be used to distinguish between malware and benign files. Accordingly, in this paper a textural image classification method is used which aims to extract micro-patterns of digital textural images, to detect and extract micro-patterns of executable files and use them to detect malware.