Malware analysis using visualized images and entropy graphs

Abstract

Today, along with the development of the Internet, the number of malicious software, or malware, distributed especially for monetary profits, is exponentially increasing, and malware authors are developing malware variants using various automated tools and methods. Automated tools and methods may reuse some modules to develop malware variants, so these reused modules can be used to classify malware or to identify malware families. Therefore, similarities may exist among malware variants can be analyzed and used for malware variant detections and the family classification. This paper proposes a new malware family classification method by converting binary files into images and entropy graphs. The experimental results show that the proposed method can effectively distinguish malware families.