Dynamic Analysis of Executables to Detect and Characterize Malware

by   Michael R. Smith, et al.

It is needed to ensure the integrity of systems that process sensitive information and control many aspects of everyday life. We examine the use of machine learning algorithms to detect malware using the system calls generated by executables-alleviating attempts at obfuscation as the behavior is monitored rather than the bytes of an executable. We examine several machine learning techniques for detecting malware including random forests, deep learning techniques, and liquid state machines. The experiments examine the effects of concept drift on each algorithm to understand how well the algorithms generalize to novel malware samples by testing them on data that was collected after the training data. The results suggest that each of the examined machine learning algorithms is a viable solution to detect malware-achieving between 90 performance evaluation on an operational network may not match the performance achieved in training. Namely, the CAA may be about the same, but the values for precision and recall over the malware can change significantly. We structure experiments to highlight these caveats and offer insights into expected performance in operational environments. In addition, we use the induced models to gain a better understanding about what differentiates the malware samples from the goodware, which can further be used as a forensics tool to understand what the malware (or goodware) was doing to provide directions for investigation and remediation.


page 1

page 2

page 3

page 4


Detection of Advanced Malware by Machine Learning Techniques

In today's digital world most of the anti-malware tools are signature ba...

Transcending Transcend: Revisiting Malware Classification with Conformal Evaluation

Machine learning for malware classification shows encouraging results, b...

Robust Machine Learning for Malware Detection over Time

The presence and persistence of Android malware is an on-going threat th...

A Comprehensive Study on Learning-Based PE Malware Family Classification Methods

Driven by the high profit, Portable Executable (PE) malware has been con...

Multifamily Malware Models

When training a machine learning model, there is likely to be a tradeoff...

To believe or not to believe: Validating explanation fidelity for dynamic malware analysis

Converting malware into images followed by vision-based deep learning al...

Towards Deep Federated Defenses Against Malware in Cloud Ecosystems

In cloud computing environments with many virtual machines, containers, ...