OMD: Orthogonal Malware Detection Using Audio, Image, and Static Features

TL;DR

This paper introduces OMD, a novel malware detection framework that combines audio, image, and static features to identify unique malware samples orthogonal to existing methods, enhancing detection robustness.

Contribution

The paper presents a new orthogonal malware detection approach using multi-modal features and a framework to quantify feature orthogonality, enabling the integration of diverse detection methods.

Findings

Audio descriptors effectively classify malware families.

Predictions from audio are orthogonal to image and static features.

The framework improves detection robustness through feature orthogonality.

Abstract

With the growing number of malware and cyber attacks, there is a need for "orthogonal" cyber defense approaches, which are complementary to existing methods by detecting unique malware samples that are not predicted by other methods. In this paper, we propose a novel and orthogonal malware detection (OMD) approach to identify malware using a combination of audio descriptors, image similarity descriptors and other static/statistical features. First, we show how audio descriptors are effective in classifying malware families when the malware binaries are represented as audio signals. Then, we show that the predictions made on the audio descriptors are orthogonal to the predictions made on image similarity descriptors and other static features. Further, we develop a framework for error analysis and a metric to quantify how orthogonal a new feature set (or type) is with respect to other feature sets. This allows us to add new features and detection methods to our overall framework. Experimental results on malware datasets show that our approach provides a robust framework for orthogonal malware detection.