Analysis of Malware behavior: Type classification using machine learning

Malicious software has become a major threat to modern society, not only because of the increased complexity of the malware itself but also because of the exponential growth in the number of new samples appearing each day. This study addresses the problem of analyzing and classifying a large volume of malware in a scalable and automated manner. We developed a distributed malware testing environment by extending Cuckoo Sandbox, and used it to run an extensive number of malware samples and trace their behavioral data. The extracted data was then used to develop a novel type classification approach based on supervised machine learning. The proposed approach employs a novel combination of features that achieves a high classification rate, with a weighted average AUC of 0.98 using a Random Forests classifier. The approach has been extensively tested on a total of 42,000 malware samples. Based on these results, we believe the developed system can be used to pre-filter novel from known malware in a future malware analysis system.
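As an added illustration (not code from the paper or from Cuckoo Sandbox), the two building blocks the abstract names can be sketched in Python: turning a Cuckoo-style behavioral trace into a feature vector, and scoring a multi-class type classifier by weighted-average one-vs-rest AUC. The report layout, the API-call-count feature choice, the constructed traces and the class labels are assumptions; the paper's actual feature combination is not described on this page.

```python
from collections import Counter

# Constructed report fragments in the layout Cuckoo Sandbox uses for traced API
# calls (behavior.processes[].calls[].api). These are not real malware traces.
REPORTS = [
    {"behavior": {"processes": [{"calls": [{"api": "CreateFileW"}, {"api": "WriteFile"},
                                           {"api": "RegSetValueExW"}]}]}},
    {"behavior": {"processes": [{"calls": [{"api": "InternetOpenA"}, {"api": "HttpSendRequestA"}]},
                                {"calls": [{"api": "InternetOpenA"}]}]}},
]

def api_call_features(report):
    """Count API calls across all traced processes -> {api_name: count}.
    Assumed feature choice; the paper's exact feature combination is not given here."""
    counts = Counter()
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            counts[call["api"]] += 1
    return dict(counts)

def binary_auc(labels, scores):
    """ROC AUC for one class computed as the Mann-Whitney rank statistic:
    the fraction of (positive, negative) pairs ranked correctly, ties counting 1/2."""
    pos = [s for s, l in zip(scores, labels) if l]
    neg = [s for s, l in zip(scores, labels) if not l]
    if not pos or not neg:        # class absent from either side: AUC undefined
        return None
    wins = 0.0
    for p in pos:
        for n in neg:
            wins += 1.0 if p > n else 0.5 if p == n else 0.0
    return wins / (len(pos) * len(neg))

def weighted_avg_auc(y_true, probas, classes):
    """One-vs-rest AUC per malware type, averaged with weights equal to each
    type's support; this is the 'weighted average AUC' used for multi-class results.
    probas[i][j] is the classifier's probability that sample i belongs to classes[j]."""
    total = 0.0
    for j, c in enumerate(classes):
        labels = [y == c for y in y_true]
        auc = binary_auc(labels, [row[j] for row in probas])
        total += (auc if auc is not None else 0.0) * sum(labels)
    return total / len(y_true)
```

In practice the per-sample probabilities would come from a classifier such as a Random Forest trained on the feature vectors; here they are supplied directly so the metric can be checked by hand.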

[8] Jens Myrup Pedersen, et al. Analysis of malware behavior: Type classification using machine learning, 2015, 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA).