Microsoft and Intel turn malware into images to help spot more threats

Jon Fingas
Associate Editor

Microsoft and Intel have a novel approach to classifying malware: visualizing it. They’re collaborating on STAMINA (Static Malware-as-Image Network Analysis), a project that turns rogue code into grayscale images so that a deep learning system can study them. The approach converts the binary form of an input file into a simple stream of pixels, and turns that into a picture with dimensions that vary depending on aspects like file size. A trained neural network then determines what (if anything) has infected the file.

ZDNet noted that the AI is trained on the huge amount of data Microsoft has collected from Windows Defender installations. The technology doesn’t need full-size, pixel-by-pixel recreations of viruses, which makes sense when large malware could easily translate to gigantic pictures.
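To make the conversion described above concrete, here is an added sketch (not Microsoft's or Intel's code) that maps each byte of a file to one grayscale pixel, picks the image width from the file size, and shrinks the result to a fixed size for a classifier. The width thresholds, the 16x16 output, the nearest-neighbour resize and all function names are assumptions for illustration.

```python
# Added illustration: thresholds, sizes and sample data are assumptions,
# not values taken from STAMINA.
WIDTH_BY_SIZE_KB = [(10, 32), (30, 64), (60, 128), (100, 256),
                    (200, 384), (500, 512), (1000, 768)]
MAX_WIDTH = 1024

def pick_width(n_bytes):
    """Choose the image width from the file size (assumed thresholds)."""
    kb = n_bytes / 1024
    for limit_kb, width in WIDTH_BY_SIZE_KB:
        if kb < limit_kb:
            return width
    return MAX_WIDTH

def bytes_to_image(data):
    """Map each byte to one grayscale pixel (0-255), filling row by row."""
    if not data:
        raise ValueError("empty input")
    width = pick_width(len(data))
    height = -(-len(data) // width)                    # ceiling division
    padded = data + bytes(width * height - len(data))  # zero-pad the last row
    return [padded[r * width:(r + 1) * width] for r in range(height)]

def resize_nearest(rows, out_w, out_h):
    """Resample to a fixed model input size by nearest-neighbour sampling."""
    in_h, in_w = len(rows), len(rows[0])
    return [bytes(rows[y * in_h // out_h][x * in_w // out_w]
                  for x in range(out_w))
            for y in range(out_h)]

def to_pgm(rows):
    """Serialise as a binary PGM (P5) file that image viewers can open."""
    return b"P5\n%d %d\n255\n" % (len(rows[0]), len(rows)) + b"".join(rows)

def file_bytes_to_model_input(data, side=16):
    """Full pipeline: raw bytes -> variable-size image -> fixed-size image."""
    return resize_nearest(bytes_to_image(data), side, side)

# Constructed sample: a harmless 12 KiB byte string standing in for a file.
SAMPLE = b"MZ" + bytes(62) + bytes(i % 251 for i in range(12 * 1024 - 64))

if __name__ == "__main__":
    full = bytes_to_image(SAMPLE)
    small = file_bytes_to_model_input(SAMPLE)
    print("full image: %d x %d" % (len(full[0]), len(full)))
    print("model input: %d x %d, PGM bytes: %d"
          % (len(small[0]), len(small), len(to_pgm(small))))
```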

STAMINA has proven mostly effective so far, with just over 99 percent accuracy in classifying malware and a false positive rate slightly under 2.6 percent. However, it has its limits. It works well with small files, but it struggles with larger ones.

With enough refinement, though, this could be very useful. Most malware detection relies on extracting binary signatures or fingerprints, but the sheer number of signatures makes that impractical. This could help anti-malware tools effectively keep up and reduce the chances of security threats slipping past defenses.