Classification of Malware by Using Structural Entropy on Convolutional Neural Networks

Ramon Vicens, Jordi Planes, Carles Mateu, Daniel Gibert

Abstract

The number of malicious programs has grown both in number and in sophistication. Analyzing the malicious intent of vast amounts of data requires huge resources and thus, effective categorization of malware is required. In this paper, the content of a malicious program is represented as an entropy stream, where each value describes the amount of entropy of a small chunk of code in a specific location of the file. Wavelet transforms are then applied to this entropy signal to describe the variation in the entropic energy. Motivated by the visual similarity between streams of entropy of malicious software belonging to the same family, we propose a file agnostic deep learning approach for categorization of malware. Our method exploits the fact that most variants are generated by using common obfuscation techniques and that compression and encryption algorithms retain some properties present in the original code. This allows us to find discriminative patterns that almost all variants in a family share. Our method has been evaluated using the data provided by Microsoft for the BigData Innovators Gathering Anti-Malware Prediction Challenge, and achieved promising results in comparison with the State of the Art.
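The entropy stream and wavelet energy described in the abstract can be sketched as follows. This is an added example, not code from the paper or from this page; the 256-byte chunk size, the choice of the Haar wavelet, and the sample bytes are assumptions, since the abstract does not specify them.

```python
import math
from collections import Counter

CHUNK_SIZE = 256  # assumption: the abstract only says "a small chunk"

def chunk_entropy(chunk):
    """Shannon entropy of one chunk in bits per byte (0.0 to 8.0)."""
    n = len(chunk)
    if n == 0:
        return 0.0
    return sum(c / n * math.log2(n / c) for c in Counter(chunk).values())

def entropy_stream(data, chunk_size=CHUNK_SIZE):
    """One entropy value per chunk, in file order (last chunk may be short)."""
    return [chunk_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]

def haar_step(signal):
    """One Haar level: (approximation, detail), each half the input length."""
    if len(signal) % 2:
        signal = signal + [signal[-1]]  # pad odd lengths by repeating the tail
    s = math.sqrt(2)
    pairs = list(zip(signal[0::2], signal[1::2]))
    return [(a + b) / s for a, b in pairs], [(a - b) / s for a, b in pairs]

def wavelet_energy(signal, levels=3):
    """Energy of the detail coefficients per level, finest scale first."""
    energies, approx = [], list(signal)
    for _ in range(levels):
        if len(approx) < 2:
            break
        approx, detail = haar_step(approx)
        energies.append(sum(d * d for d in detail))
    return energies

def build_sample():
    """Constructed input: repetitive region, uniform 'packed' region, padding."""
    plain = b"\x55\x8b\xec\x83" * 192   # 3 chunks, 4 symbols -> 2 bits/byte
    packed = bytes(range(256)) * 4      # 4 chunks, uniform   -> 8 bits/byte
    padding = b"\x00" * 256             # 1 chunk, constant   -> 0 bits/byte
    return plain + packed + padding

if __name__ == "__main__":
    stream = entropy_stream(build_sample())
    print("entropy stream:", stream)
    print("detail energy per level:", wavelet_energy(stream))
```

The per-level energies summarize where and at what scale the entropy changes, which is the kind of signal a classifier can consume regardless of file format.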

Benchmarks

| Benchmark | Methodology | Metrics |
| --- | --- | --- |
| malware-classification-on-microsoft-malware | Structural entropy CNN | Accuracy (10-fold): 0.9708; LogLoss: 0.134624; Macro F1 (10-fold): 0.9314 |
| malware-classification-on-microsoft-malware | Multiresolution CNN | Accuracy (10-fold): 0.9828; LogLoss: 0.124431; Macro F1 (10-fold): 0.9636 |
| malware-classification-on-microsoft-malware | Multiresolution CNN + Bagging | LogLoss: 0.075081 |
| malware-classification-on-microsoft-malware | Dynamic Time Warping + K-NN | Accuracy (10-fold): 0.9894; LogLoss: 0.367724; Macro F1 (10-fold): 0.9813 |
