Association for Computing Machinery
In this paper, the authors propose SigMal, a fast and precise malware detection framework based on signal processing techniques. SigMal is designed to operate with systems that process large amounts of binary samples. It has been observed that many samples received by such systems are variants of previously seen malware, and they retain some similarity at the binary level. Previous systems used this notion of malware similarity to detect new variants of previously seen malware. SigMal improves the state-of-the-art by leveraging techniques borrowed from signal processing to extract noise-resistant similarity signatures from the samples.
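To make the idea of a noise-resistant, signal-processing-based similarity signature concrete, here is an added illustration; it is not SigMal's own algorithm (the abstract does not specify it) but a minimal sketch of the general approach: a binary is read as a 1-D signal and only its low-frequency components are kept, so byte-level edits and small insertions barely move the signature. The section layouts, mutation rate and sample bytes are constructed for the demonstration.

```python
import math
import random

def byte_signal(data: bytes, bins: int = 32) -> list[float]:
    """Treat the file as a 1-D signal: mean byte value of each of `bins` equal slices."""
    width = max(1, len(data) // bins)
    return [sum(data[i * width:(i + 1) * width]) / width for i in range(bins)]

def dct_lowpass(sig: list[float], keep: int = 6) -> list[float]:
    """DCT-II of the signal, keeping coefficients 1..keep (low frequencies; DC dropped).
    Low frequencies describe the coarse section layout; byte-level noise lands in the high ones."""
    n = len(sig)
    return [sum(x * math.cos(math.pi / n * (i + 0.5) * k) for i, x in enumerate(sig))
            for k in range(1, keep + 1)]

def signature(data: bytes) -> list[float]:
    return dct_lowpass(byte_signal(data))

def similarity(a: bytes, b: bytes) -> float:
    """Cosine similarity of two signatures, in [-1, 1]; near 1 means 'same coarse layout'."""
    sa, sb = signature(a), signature(b)
    dot = sum(x * y for x, y in zip(sa, sb))
    return dot / (math.hypot(*sa) * math.hypot(*sb))

def make_sample(layout, seed: int) -> bytes:
    """Constructed stand-in for a binary: sections given as (length, centre byte, spread)."""
    rng = random.Random(seed)
    out = bytearray()
    for length, centre, spread in layout:
        out.extend(min(255, max(0, centre + rng.randint(-spread, spread))) for _ in range(length))
    return bytes(out)

def mutate(data: bytes, seed: int, rate: float = 0.10) -> bytes:
    """Constructed 'variant': replace `rate` of the bytes at random and insert a 64-byte pad."""
    rng = random.Random(seed)
    out = bytearray(rng.randrange(256) if rng.random() < rate else b for b in data)
    out[1024:1024] = b"\x90" * 64
    return bytes(out)

# Constructed samples: a base layout, a noisy variant of it, and an unrelated layout.
BASE = make_sample([(512, 0x00, 2), (2048, 0x80, 40), (1024, 0x41, 10), (512, 0xFF, 0)], seed=1)
VARIANT = mutate(BASE, seed=2)
UNRELATED = make_sample([(1024, 0xC0, 30), (512, 0x10, 5), (2048, 0x60, 50), (512, 0x00, 0)], seed=3)

if __name__ == "__main__":
    print(f"base vs variant:   {similarity(BASE, VARIANT):.3f}")
    print(f"base vs unrelated: {similarity(BASE, UNRELATED):.3f}")
```

The variant scores close to 1 despite 10% of its bytes being rewritten and a block being inserted, while the unrelated sample scores far lower; a real system would combine such a signature with a threshold tuned on labelled corpora.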