A Comparison of Selected Image Transformation Techniques for Malware Classification
This work addresses the lack of standardized image conversion methods for malware classification, but it is incremental as it compares existing techniques without introducing new ones.
The paper compared eight malware-to-image conversion techniques with various learning models for malware classification, finding that multiple conversion methods performed similarly despite different processes, suggesting effectiveness depends more on image analysis strengths than conversion details.
Recently, a considerable amount of malware research has focused on the use of powerful image-based machine learning techniques, which generally yield impressive results. However, before image-based techniques can be applied to malware, the samples must be converted to images, and there is no generally-accepted approach for doing so. The malware-to-image conversion strategies found in the literature often appear to be ad hoc, with little or no effort made to take into account properties of executable files. In this paper, we experiment with eight distinct malware-to-image conversion techniques, and for each, we test a variety of learning models. We find that several of these image conversion techniques perform similarly across a range of learning models, in spite of the image conversion processes being quite different. These results suggest that the effectiveness of image-based malware classification techniques may depend more on the inherent strengths of image analysis techniques, as opposed to the precise details of the image conversion strategy.