Analysis of Machine learning Techniques Used in Behavior-Based Malware Detection

  • Ivan Firdausi, Charles Lim, Alva Erwin, Anto Satriyo Nugroho
  • Published 2 December 2010
  • Computer Science
  • 2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies
The increase in malware exploiting the Internet daily has become a serious threat. Manual heuristic inspection in malware analysis is no longer considered effective or efficient against the high spreading rate of malware. Hence, automated behavior-based malware detection using machine learning techniques is considered a profound solution. The behavior of each malware sample in an emulated (sandbox) environment will be automatically analyzed and will generate behavior reports…

Improving the effectiveness and efficiency of dynamic malware analysis with machine learning
The application of machine learning algorithms to predict the length of time malware should be executed in a sandbox to reveal its malicious intent is presented and a novel hybrid approach to malware classification based on static binary analysis and dynamic analysis of malware is introduced.
Malware Analysis using Machine Learning and Deep Learning techniques
This research presents a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files and shows how deep learning approach performs better than the traditional shallow machine learning approaches.
A Comparative Analysis of Machine Learning Techniques for Classification and Detection of Malware
A survey that determines the best features extraction and classification methods that result in the best accuracy in detecting malware and performs a base for further research in the field of malware analysis with machine learning methods.
SVM Based Effective Malware Detection System
This system uses a hybrid approach for discovering malware based on support vector machine classifier so that potential of malware detection system can be leveraged to combat with diverse forms of malwares while attaining high accuracy and low false alarms.
MALWARE DETECTION AND CLASSIFICATION USING MACHINE LEARNING TECHNIQUES Submitted in fulfillment of seminar required for the Master of Technology Computer Science and Engineering
This report will discuss Behavior-Based Detection methods and how to apply different machine learning techniques in order to build behavior-based malware detection and classification methods.
Feature Selection and Improving Classification Performance for Malware Detection
  • Carlos Cepeda, D. Lo, Pablo Ordóñez
  • Computer Science
  • 2016 IEEE International Conferences on Big Data and Cloud Computing (BDCloud), Social Computing and Networking (SocialCom), Sustainable Computing and Communications (SustainCom) (BDCloud-SocialCom-SustainCom)
  • 2016
It is found that "9" features are enough to distinguish malware from "goodware" files within an accuracy of 99.60%.
Malware Detection Using Machine Learning and Deep Learning
The results show that the Random Forest outperforms Deep Neural Network with opcode frequency as a feature and Deep Auto-Encoders are overkill for the dataset, and elementary function like Variance Threshold perform better than others.
Large scale machine learning for the detection and classification of malware
A meta-model trained using deep learning that finds the simplest classifiers to characterize and assign malware into their corresponding families is introduced that can determine when simple and less expensive malware characterization will suffice to accurately classify malicious executables, or when more computationally expensive descriptions are required.
A Survey on Malware Classification Using Machine Learning and Deep Learning
An in-depth study of the features that can be used to differentiate malware is provided, along with the various stages of machine learning and deep learning that researchers use in their work and the pros and cons they face, which can assist new researchers in selecting an algorithm for their research work.


Automatic analysis of malware behavior using machine learning
An incremental approach for behavior-based analysis, capable of processing the behavior of thousands of malware binaries on a daily basis is proposed, significantly reduces the run-time overhead of current analysis methods, while providing accurate discovery and discrimination of novel malware variants.
Learning and Classification of Malware Behavior
The effectiveness of the proposed method for learning and discrimination of malware behavior is demonstrated, especially in detecting novel instances of malware families previously not recognized by commercial anti-virus software.
TTAnalyze: A Tool for Analyzing Malware
TTAnalyze is presented, a tool for dynamically analyzing the behavior of Windows executables. It runs binaries in an unmodified Windows environment, which leads to excellent emulation accuracy and makes the tool more difficult for malicious code to detect.
A Malware Instruction Set for Behavior-Based Analysis
A new representation for monitored behavior of malicious software called Malware Instruction Set (MIST) is introduced, optimized for effective and efficient analysis of behavior using data mining and machine learning techniques.
The WEKA data mining software: an update
This paper provides an introduction to the WEKA workbench, reviews the history of the project, and, in light of the recent 3.6 stable release, briefly discusses what has been added since the last stable version (Weka 3.4) released in 2003.
  • K. Rieck, “A Malware Instruction Set for Behavior-Based Analysis”, 2009
  • T. Holz, “Automatic Analysis of Malware Behavior using Machine Learning”, 2009
Mining specifications of malicious behavior
The technique derives a specification of malicious behavior by comparing the execution behavior of a known malware against the execution behaviors of a set of benign programs, and indicates that the algorithm is effective in extracting malicious behaviors that can be used to detect malware variants.