Machine Learning Aided Static Malware Analysis: A Survey and Tutorial

08/03/2018
by   Andrii Shalaginov, et al.

Malware analysis and detection techniques have evolved over the last decade in response to the development of malware techniques designed to evade network-based and host-based security protections. The rapid growth in the variety and number of malware species has made it very difficult for forensic investigators to provide a timely response. Machine Learning (ML) aided malware analysis has therefore become a necessity for automating different aspects of static and dynamic malware investigation. We believe that machine learning aided static analysis can serve as a methodological approach in technical Cyber Threat Intelligence (CTI), as an alternative to resource-consuming dynamic malware analysis, which has been thoroughly studied before. In this paper, we address this research gap by conducting an in-depth survey of different machine learning methods for classifying static characteristics of 32-bit malicious Portable Executable (PE32) Windows files, and we develop a taxonomy for better understanding of these techniques. We then offer a tutorial on how different machine learning techniques can be used to extract and analyse a variety of static characteristics of PE binaries, and we evaluate the accuracy and practical generalization of these techniques. Finally, the results of an experimental study of all the methods on a common dataset are given to demonstrate their accuracy and complexity. This paper may serve as a stepping stone for future researchers in the cross-disciplinary field of machine learning aided malware forensics.
