We describe the results of a master's thesis in malware detection and discuss the connection to the learning goals of the project. As part of the thesis, we studied obfuscation of malware, conversion of files into images, image processing, and machine learning, a process of benefit to both the student and faculty.
Malware detection becomes significantly more difficult when the malicious specimen is obfuscated or transformed in an attempt to avoid detection. However, computer files have been shown to exhibit evidence of structure when converted into images, so with image processing filters such as granulometry, it is possible to generate a set of features that help characterize malicious and non-malicious files. If the structures of file-derived images are resistant to obfuscation, these images may be valuable in providing malware signatures. We explore image-generated file features and their effectiveness in identifying malware when used with various machine learning classifiers.
Aruta, John A. and Schembari, N. Paul, "GDOM: Granulometry for the Detection of Obfuscated Malware," Journal of Cybersecurity Education, Research and Practice: Vol. 2020, Article 2.
Available at: https://digitalcommons.kennesaw.edu/jcerp/vol2020/iss2/2
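The file-to-image conversion and granulometry step described in the abstract can be sketched as follows. This is an added example, not code from the thesis or the article. The 16-byte image width, the square structuring element, the radius range and all function names are assumptions made for illustration.

```python
def bytes_to_image(data, width=16):
    """Lay a file's bytes out row by row as a grayscale image (values 0-255)."""
    rows = len(data) // width                      # ragged final row is dropped
    return [list(data[r * width:(r + 1) * width]) for r in range(rows)]

def _filter_1d(line, r, pick):
    """Sliding min or max over the window [i-r, i+r], clipped at the edges."""
    return [pick(line[max(0, i - r):i + r + 1]) for i in range(len(line))]

def _square_filter(img, r, pick):
    """Separable (2r+1)x(2r+1) min/max filter: along rows, then along columns."""
    rows = [_filter_1d(row, r, pick) for row in img]
    cols = [_filter_1d(list(col), r, pick) for col in zip(*rows)]
    return [list(row) for row in zip(*cols)]

def opening(img, r):
    """Grayscale opening: erosion (min) followed by dilation (max)."""
    return _square_filter(_square_filter(img, r, min), r, max)

def granulometry(img, max_radius=4):
    """Pattern spectrum: fraction of total intensity removed at each opening size."""
    vols = [sum(map(sum, img))]
    vols += [sum(map(sum, opening(img, r))) for r in range(1, max_radius + 1)]
    total = vols[0] or 1                           # avoid dividing by zero
    return [(vols[i] - vols[i + 1]) / total for i in range(max_radius)]

def block_image(size=16, top=5, side=3):
    """Constructed sample: one bright side x side block on a zero background."""
    return [[255 if top <= y < top + side and top <= x < top + side else 0
             for x in range(size)] for y in range(size)]

if __name__ == "__main__":
    # Constructed byte buffers, not real malware or benign samples.
    samples = {
        "constant padding": bytes([0x41]) * 256,
        "1-byte alternation": bytes([255, 0]) * 128,
    }
    for name, buf in samples.items():
        print(name, granulometry(bytes_to_image(buf)))
    print("3x3 block", granulometry(block_image()))
```

Each position in the returned list is the share of image intensity that lives at that structure size, which gives a fixed-length feature vector per file that a classifier can consume.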