Signal Processing - March 2016 - 109

previously applied for malware classification. We use the SRC framework
to identify the malware family of a test
sample and compare it with NN classification that we previously used in [6].
We vary the projected dimensions from
48 to 512, which are consistent for both
RP and GIST. In our experiments, we
choose 80% of a data set for training and

minimization. The overall approach is
shown in Figure 6.
We test our technique on two public malware data sets: the Malimg data
set [8] and the Malheur data set [9]. On
both data sets, we select equal number
of samples to reduce any bias toward a
particular family. For comparison, we
use GIST descriptors, which we had

20% for testing. On both the Malimg
data set [Figure 7(a)] and the Malheur
data set [Figure 7(b)], the best accuracy
is obtained for the combination of RPs
and the SRC classification framework
(92.83% for Malimg and 98.55% for
Malheur). The projected dimension is
512 from higher dimensions of 840,960
(Malimg) and 3,364,864 (Malheur).

AV Label Database

Initial Phase
Get AV Labels
From Virustotal

Tree Indices
Build
Ball Tree
for Fast NN

Compute
Fingerprints

Malware
Benign

Query Phase
New
Sample

Compute
Fingerprint

Retrieve
Top Matches

Malware

Very High Confidence

Malware

Very High Confidence

Malware

High Confidence

Malware

Low Confidence

Benign

Very Low Confidence

figuRE 5. The block schematic of SARVAM: In the initial phase, the image similarity descriptors and AV labels are computed and stored in a database. In
the query phase, the NNs along with their corresponding AV labels are retrieved.

Signal
Representation

Malware Data

Sparse Modeling
α1
=

RA1

RAN

.
.
.

D×1

D×N

u1
u2
.
.
.

α2

.
.
.

α1
α2
=

A1A2

.
.
.

w1
.
.
.
wD

uM

RPs

×

M×1

αN
RA

.
.
.
αN

N×1
w

AN

α

u

A

N×1
α

figuRE 6. The SRC framework for malware classification.
IEEE Signal Processing Magazine

|

March 2016

|

109



Table of Contents for the Digital Edition of Signal Processing - March 2016

Signal Processing - March 2016 - Cover1
Signal Processing - March 2016 - Cover2
Signal Processing - March 2016 - 1
Signal Processing - March 2016 - 2
Signal Processing - March 2016 - 3
Signal Processing - March 2016 - 4
Signal Processing - March 2016 - 5
Signal Processing - March 2016 - 6
Signal Processing - March 2016 - 7
Signal Processing - March 2016 - 8
Signal Processing - March 2016 - 9
Signal Processing - March 2016 - 10
Signal Processing - March 2016 - 11
Signal Processing - March 2016 - 12
Signal Processing - March 2016 - 13
Signal Processing - March 2016 - 14
Signal Processing - March 2016 - 15
Signal Processing - March 2016 - 16
Signal Processing - March 2016 - 17
Signal Processing - March 2016 - 18
Signal Processing - March 2016 - 19
Signal Processing - March 2016 - 20
Signal Processing - March 2016 - 21
Signal Processing - March 2016 - 22
Signal Processing - March 2016 - 23
Signal Processing - March 2016 - 24
Signal Processing - March 2016 - 25
Signal Processing - March 2016 - 26
Signal Processing - March 2016 - 27
Signal Processing - March 2016 - 28
Signal Processing - March 2016 - 29
Signal Processing - March 2016 - 30
Signal Processing - March 2016 - 31
Signal Processing - March 2016 - 32
Signal Processing - March 2016 - 33
Signal Processing - March 2016 - 34
Signal Processing - March 2016 - 35
Signal Processing - March 2016 - 36
Signal Processing - March 2016 - 37
Signal Processing - March 2016 - 38
Signal Processing - March 2016 - 39
Signal Processing - March 2016 - 40
Signal Processing - March 2016 - 41
Signal Processing - March 2016 - 42
Signal Processing - March 2016 - 43
Signal Processing - March 2016 - 44
Signal Processing - March 2016 - 45
Signal Processing - March 2016 - 46
Signal Processing - March 2016 - 47
Signal Processing - March 2016 - 48
Signal Processing - March 2016 - 49
Signal Processing - March 2016 - 50
Signal Processing - March 2016 - 51
Signal Processing - March 2016 - 52
Signal Processing - March 2016 - 53
Signal Processing - March 2016 - 54
Signal Processing - March 2016 - 55
Signal Processing - March 2016 - 56
Signal Processing - March 2016 - 57
Signal Processing - March 2016 - 58
Signal Processing - March 2016 - 59
Signal Processing - March 2016 - 60
Signal Processing - March 2016 - 61
Signal Processing - March 2016 - 62
Signal Processing - March 2016 - 63
Signal Processing - March 2016 - 64
Signal Processing - March 2016 - 65
Signal Processing - March 2016 - 66
Signal Processing - March 2016 - 67
Signal Processing - March 2016 - 68
Signal Processing - March 2016 - 69
Signal Processing - March 2016 - 70
Signal Processing - March 2016 - 71
Signal Processing - March 2016 - 72
Signal Processing - March 2016 - 73
Signal Processing - March 2016 - 74
Signal Processing - March 2016 - 75
Signal Processing - March 2016 - 76
Signal Processing - March 2016 - 77
Signal Processing - March 2016 - 78
Signal Processing - March 2016 - 79
Signal Processing - March 2016 - 80
Signal Processing - March 2016 - 81
Signal Processing - March 2016 - 82
Signal Processing - March 2016 - 83
Signal Processing - March 2016 - 84
Signal Processing - March 2016 - 85
Signal Processing - March 2016 - 86
Signal Processing - March 2016 - 87
Signal Processing - March 2016 - 88
Signal Processing - March 2016 - 89
Signal Processing - March 2016 - 90
Signal Processing - March 2016 - 91
Signal Processing - March 2016 - 92
Signal Processing - March 2016 - 93
Signal Processing - March 2016 - 94
Signal Processing - March 2016 - 95
Signal Processing - March 2016 - 96
Signal Processing - March 2016 - 97
Signal Processing - March 2016 - 98
Signal Processing - March 2016 - 99
Signal Processing - March 2016 - 100
Signal Processing - March 2016 - 101
Signal Processing - March 2016 - 102
Signal Processing - March 2016 - 103
Signal Processing - March 2016 - 104
Signal Processing - March 2016 - 105
Signal Processing - March 2016 - 106
Signal Processing - March 2016 - 107
Signal Processing - March 2016 - 108
Signal Processing - March 2016 - 109
Signal Processing - March 2016 - 110
Signal Processing - March 2016 - 111
Signal Processing - March 2016 - 112
Signal Processing - March 2016 - 113
Signal Processing - March 2016 - 114
Signal Processing - March 2016 - 115
Signal Processing - March 2016 - 116
Signal Processing - March 2016 - 117
Signal Processing - March 2016 - 118
Signal Processing - March 2016 - 119
Signal Processing - March 2016 - 120
Signal Processing - March 2016 - 121
Signal Processing - March 2016 - 122
Signal Processing - March 2016 - 123
Signal Processing - March 2016 - 124
Signal Processing - March 2016 - 125
Signal Processing - March 2016 - 126
Signal Processing - March 2016 - 127
Signal Processing - March 2016 - 128
Signal Processing - March 2016 - Cover3
Signal Processing - March 2016 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201809
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201807
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201805
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201803
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_201801
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1117
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0917
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0717
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0517
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0317
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0117
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1116
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0916
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0716
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0516
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0316
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0116
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1115
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0915
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0715
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0515
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0315
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0115
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1114
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0914
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0714
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0514
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0314
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0114
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1113
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0913
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0713
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0513
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0313
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0113
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1112
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0912
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0712
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0512
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0312
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0112
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1111
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0911
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0711
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0511
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0311
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0111
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1110
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0910
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0710
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0510
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0310
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0110
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1109
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0909
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0709
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0509
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0309
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0109
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_1108
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0908
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0708
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0508
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0308
https://www.nxtbook.com/nxtbooks/ieee/signalprocessing_0108
https://www.nxtbookmedia.com