Static and Dynamic Malware Analysis Using Machine Learning

Muhammad Ijaz, M. H. Durad, M. Ismail
DOI: 10.1109/IBCAST.2019.8667136 (https://doi.org/10.1109/IBCAST.2019.8667136)
Published in: 2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST), 2019-01-01
Citations: 64

Abstract

Malware detection is an indispensable factor in the security of internet-oriented machines. Combinations of different features are used for dynamic malware analysis. The different combinations are generated from APIs, Summary Information, DLLs and Registry Keys Changed. Cuckoo Sandbox is used for dynamic malware analysis; it is customizable and provides good accuracy. More than 2300 features are extracted from the dynamic analysis of malware, and 92 features are extracted statically from malware binaries using PEFILE. Static features are extracted from 39000 malicious binaries and 10000 benign files. Dynamically, 800 benign files and 2200 malware files are analyzed in Cuckoo Sandbox and 2300 features are extracted. The accuracy of dynamic malware analysis is 94.64%, while static analysis accuracy is 99.36%. Dynamic malware analysis is less effective because of the tricky and intelligent behaviour of malware. Dynamic analysis also has limitations due to the controlled network environment: the sample cannot be analyzed completely because its network access is limited.