Visible to the public Static and Dynamic Malware Analysis Using Machine Learning

TitleStatic and Dynamic Malware Analysis Using Machine Learning
Publication TypeConference Paper
Year of Publication2019
AuthorsIjaz, M., Durad, M. H., Ismail, M.
Conference Name2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST)
ISBN Number978-1-5386-7729-2
KeywordsAPIs, application program interfaces, Binary, Classification algorithms, cuckoo sandbox, data mining, DLLs, dynamic analysis, Dynamic Malware Analysis, evade, feature extraction, Human Behavior, Internet oriented machines security, invasive software, learning (artificial intelligence), machine learning, Malware, malware analysis, malwares, Metrics, obfuscate, PEFILE, pubcrawl, registry keys changed, Resiliency, Sandboxing, static analysis, static malware analysis, summary information

Malware detection is an indispensable factor in security of internet oriented machines. The combinations of different features are used for dynamic malware analysis. The different combinations are generated from APIs, Summary Information, DLLs and Registry Keys Changed. Cuckoo sandbox is used for dynamic malware analysis, which is customizable, and provide good accuracy. More than 2300 features are extracted from dynamic analysis of malware and 92 features are extracted statically from binary malware using PEFILE. Static features are extracted from 39000 malicious binaries and 10000 benign files. Dynamically 800 benign files and 2200 malware files are analyzed in Cuckoo Sandbox and 2300 features are extracted. The accuracy of dynamic malware analysis is 94.64% while static analysis accuracy is 99.36%. The dynamic malware analysis is not effective due to tricky and intelligent behaviours of malwares. The dynamic analysis has some limitations due to controlled network behavior and it cannot be analyzed completely due to limited access of network.

Citation Keyijaz_static_2019