Malware Detection using Dynamic Analysis

Anandhi V, Vinod P, Varun G Menon, Abhijith Krishna E R, Akshay Shilesh, Akshay Viswam, Amin Shafiq

2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS) (2023)

Abstract
Malware detection is an indispensable factor in the security of internet-oriented machines. The number of threats has been increasing day by day. Malware analysis is the process of studying the components and behavior of malware. The use of dynamic analysis helps the system classify malware more accurately and detect malware samples. Dynamic analysis is a method in which the malware runs in a sandbox environment and artifacts are collected. The system uses Cuckoo Sandbox to execute the malware samples in a controlled environment. The system compares bidirectional long short-term memory and convolutional neural network models for detecting and classifying the malware samples. Unlike typical signature-based detection, a type of static detection in which patterns are checked in the source file, here dynamic analysis is used to extract the necessary reports, which are then preprocessed to obtain features such as dynamic link libraries (DLLs), kernel module names, services used, etc., in order to create a list of text that can explain the behaviour of the executable file. These are tokenized and embedded to obtain numerical data, which is passed to the models. The accuracy of the trained models is compared, which describes the performance of the models on the dataset, thus providing grounds for testing future models and later building a better detection system based on it.
Keywords
malware analysis, cuckoo sandbox, bidirectional long short-term memory, dynamic analysis
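The preprocessing step the abstract describes (sandbox report to a list of behaviour tokens to numerical ids ready for an embedding layer) can be sketched as follows. This is an added example, not the authors' code: the report layout, the key names (`dll_loaded`, `started_services`, `memory.modules`), the token prefixes and the helper names are all assumptions made for illustration, and the sample report is constructed.

```python
import re
from collections import Counter

# Constructed, simplified report. The key names are assumptions for this
# example and are not a complete or exact Cuckoo report schema.
SAMPLE_REPORT = {
    "behavior": {"summary": {
        "dll_loaded": ["C:\\Windows\\System32\\KERNEL32.dll",
                       "ws2_32.dll", "kernel32.dll"],
        "started_services": ["BITS"],
    }},
    "memory": {"modules": [{"name": "ntoskrnl.exe"}, {"name": "tcpip.sys"}]},
}

PAD, UNK = 0, 1  # reserved ids: padding and out-of-vocabulary tokens


def report_to_tokens(report):
    """Flatten DLLs, services and kernel modules into normalised text tokens."""
    summary = report.get("behavior", {}).get("summary", {})
    tokens = []
    for path in summary.get("dll_loaded", []):
        # Keep only the lower-cased file name so path/case variants collapse.
        tokens.append("dll:" + re.split(r"[\\/]", path)[-1].lower())
    for svc in summary.get("started_services", []):
        tokens.append("svc:" + svc.lower())
    for mod in report.get("memory", {}).get("modules", []):
        if mod.get("name"):
            tokens.append("kmod:" + mod["name"].lower())
    return tokens


def build_vocab(token_lists, min_count=1):
    """Assign ids by descending frequency (ties broken alphabetically)."""
    counts = Counter(t for toks in token_lists for t in toks)
    vocab = {"<pad>": PAD, "<unk>": UNK}
    for tok, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        if n >= min_count:
            vocab[tok] = len(vocab)
    return vocab


def encode(tokens, vocab, max_len):
    """Map tokens to ids, truncating or right-padding to a fixed length."""
    ids = [vocab.get(t, UNK) for t in tokens][:max_len]
    return ids + [PAD] * (max_len - len(ids))
```

The fixed-length id sequences returned by `encode` are what an embedding layer in front of a BiLSTM or CNN classifier would consume; tokens never seen when the vocabulary was built map to the `<unk>` id rather than being dropped.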