1

Last year Intel released a white paper on a joint research effort with Microsoft concerning the possibility to perform malware analysis by converting a file to an image and then applying a deep neural network model on it.

In the said white paper the first stage in the process is defined as "Preprocessing", e.g. the conversion of the file to an image.

The width and height were determined by the file size after converting to pixel stream, following an empirically validated table, as shown below. [...] Our table uses the pixel file size and image width relationship. The pixel file size is a multiplier of the file size, so that the relationships are still linearly scaled. We recommend using this table because it helps set the width and height more concretely.

Stamina preprocessing image width

The image height is calculated as the number of pixels divided by the width. If the height is a decimal number, we rounded it up and padded the extra pixels as zeroes.

I do not understand the said "pixel file size and image width relationship". Since the method directly uses the file's bytes as pixels, the pixel file size is always going to be the exact size of the original file. For example, if the file for analysis consisted of 90 bytes, the pixel stream would include 90 symbols and so the image width would be 256 (pixels I assume). Furthermore, this means that:

  • The width of the image is bigger than the amount of pixels;
  • Since the height is determined according to the width and pixel file size, in this case it would be 90/256 and, even when rounded up, it remains 1 and therefore the image is still a one-dimensional pixel stream.

More than one rows would be achieved only in cases where Pixel File Size is greater than 1024 and less than 1500, or respectively when higher than 2048.

What am I missing here? How is the Pixel File Size determined?

Elhitch
  • 403
  • 3
  • 11
  • 1
    The paper references a [previous paper](https://arxiv.org/pdf/1812.07606.pdf) for the details of the process, so see there for the details. Also, while the paper ultimately is about malware detection, the part you ask about has nothing to do with it. It is only about converting a stream of bytes (aka file) into an image so that it can be used with machine learning methods which are established for images. In other words: the question is off-topic here. – Steffen Ullrich Jun 30 '21 at 19:39

0 Answers0