Static Malware and SMTP Mail Analysis using General Purpose Graphical Processing Units (GPGPU)

This talk explores a base-level problem in static malware analysis, that there are far more samples than anyone can analyze, by leveraging the parallelism of GPGPUs. The advantage comes from moving the problem into the visual plane: each sample is rendered as an image, and similarity between samples is solved by texture analysis, in parallel across the GPU.

I’ve clustered a few hundred million PEs by organizing them by how they “look.” Debugging is accompanied by making movies of the visualization. The real utility of the art is speed. A malware sample can be analyzed in an average of 33 milliseconds. Leveraging CPUs for scheduling, one can accommodate 32 threads scheduling analysis on a GPGPU, providing two methods of parallelization in two architectures — win!
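The approach the two paragraphs above describe, rendering a sample's bytes as an image and comparing samples by texture, as an added example that is not the speaker's code. The talk does not say which texture descriptor or image layout it uses; this example assumes a fixed row width of 64 bytes, 16 gray levels, and a gray-level co-occurrence matrix (GLCM) as the texture signature, and runs on the CPU in plain Python. The three samples are constructed byte layouts that mimic an executable (header text, a repeating code pattern, strings, zero padding), not real PE files.

```python
"""Byte-image texture similarity for executables.

Added example, not code from the talk: it shows the approach the abstract
describes (treat a PE's bytes as a grayscale image, describe its texture,
compare textures) on constructed input, in plain Python on the CPU. The GPGPU
scheduling the talk is about is out of scope here; the per-sample feature
extraction below is the part that would run on the GPU.
"""
import math
import random
from typing import List

# Assumptions, not from the page: a fixed row width and 16 gray levels.
IMAGE_WIDTH = 64
GRAY_LEVELS = 16


def bytes_to_image(data: bytes, width: int = IMAGE_WIDTH) -> List[List[int]]:
    """Lay the file out row by row as an 8-bit grayscale image.

    The last row is zero-padded, which adds a few extra (0,0) neighbour pairs;
    negligible for real binaries, but worth knowing when comparing tiny files.
    """
    rows = []
    for offset in range(0, len(data), width):
        row = list(data[offset:offset + width])
        rows.append(row + [0] * (width - len(row)))
    return rows


def glcm(image: List[List[int]], dx: int = 1, dy: int = 0,
         levels: int = GRAY_LEVELS) -> List[List[float]]:
    """Gray-level co-occurrence matrix (GLCM), a classic texture descriptor.

    Entry [i][j] is the fraction of pixel pairs at displacement (dx, dy) whose
    gray levels are i and j after quantising the 256 byte values to `levels` bins.
    Code, strings, zero padding and packed data each leave a distinct pattern.
    """
    shift = 256 // levels
    counts = [[0] * levels for _ in range(levels)]
    height = len(image)
    width = len(image[0]) if height else 0
    total = 0
    for y in range(height):
        for x in range(width):
            ny, nx = y + dy, x + dx
            if 0 <= ny < height and 0 <= nx < width:
                counts[image[y][x] // shift][image[ny][nx] // shift] += 1
                total += 1
    if total == 0:
        return [[0.0] * levels for _ in range(levels)]
    return [[c / total for c in row] for row in counts]


def texture_vector(data: bytes) -> List[float]:
    """Flatten the GLCM into the per-sample feature vector used for comparison."""
    return [p for row in glcm(bytes_to_image(data)) for p in row]


def cosine(u: List[float], v: List[float]) -> float:
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


def texture_similarity(a: bytes, b: bytes) -> float:
    """1.0 means identical texture; near 0 means unrelated byte layouts."""
    return cosine(texture_vector(a), texture_vector(b))


def nearest(query: bytes, corpus: List[bytes]) -> int:
    """Index of the corpus sample whose texture is closest to `query`."""
    qv = texture_vector(query)
    return max(range(len(corpus)), key=lambda i: cosine(qv, texture_vector(corpus[i])))


# --- constructed samples (not real PE files, just byte layouts that mimic one) ---
SAMPLE_A = (
    b"MZ" + b"\x90" * 62 + b"PE\x00\x00"
    + b"This program cannot be run in DOS mode." + b"\x00" * 25
    + b"\x55\x8b\xec\x83\xec\x10\x8b\x45\x08\x50\xe8\x00\x00\x00\x00\x5d\xc3" * 120
    + b".rdata\x00\x00" + b"Hello, World!\x00" * 40 + b"\x00" * 200
)
# A "variant": the same file with 40 bytes of code overwritten (e.g. a patched routine).
_patched = bytearray(SAMPLE_A)
_patched[300:340] = b"\xcc" * 40
SAMPLE_B = bytes(_patched)
# Uniform random bytes: the texture a packed or encrypted section shows.
_rng = random.Random(1)
SAMPLE_C = bytes(_rng.randrange(256) for _ in range(len(SAMPLE_A)))

if __name__ == "__main__":
    print("A vs B (patched variant):", round(texture_similarity(SAMPLE_A, SAMPLE_B), 3))
    print("A vs C (random bytes):   ", round(texture_similarity(SAMPLE_A, SAMPLE_C), 3))
    print("nearest to B in [C, A]:  ", nearest(SAMPLE_B, [SAMPLE_C, SAMPLE_A]))
```

The patched variant scores close to 1.0 against the original while the random blob scores low, which is the property clustering "by how they look" relies on. The GLCM is computed independently per pixel pair, so it maps directly onto a GPU kernel; the cosine step is a reduction over the flattened matrix.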

I will explore why the algorithms are slower on newer hardware and what changed in silicon over time, providing speedups for both older and newer hardware.

Presented by