Malware Automatic Analysis

Abstract

The malicious code analysis allows malware behavior characteristics to be identified, in other words how does it act in the operating system, what obfuscation techniques are used, which execution flows lead to the primary planned behavior, use of network operations, files downloading operations, user and system's information capture, access to records, among other activities, in order to learn how malware works, to create ways to identify new malicious softwares with similar behavior, and ways of defense. Manual scanning for signature generation becomes impractical, since it requires a lot of time compared to new malwares' dissemination and creation speed. Therefore, this paper proposes the use of sandbox techniques and machine learning techniques to automate software identification in this context. This paper, besides presenting a different and faster approach to malware detection, has achieved an accuracy rate of over 90% for the task of malware identifying.