INTEGRANDO AS ANÁLISES ESTÁTICA E DINÂMICA DE MALWARES UTILIZANDO APRENDIZADO DE MÁQUINA (Integrating Static and Dynamic Malware Analysis Using Machine Learning)

Reinaldo José Mangialardo (mangialardo@ime.eb.br)1, Julio Cesar Duarte (duarte@ime.eb.br)1


1Instituto Militar de Engenharia

This paper appears in: Revista IEEE América Latina

Publication Date: Sept. 2015
Volume: 13,   Issue: 9 
ISSN: 1548-0992


Abstract:
Malware analysis and classification systems use static and dynamic techniques, in conjunction with machine learning algorithms, to automate the identification and classification of malicious code. Both techniques have weaknesses that allow analysis evasion techniques to be used against them, hampering the identification of malware. In this work, we propose unifying static and dynamic analysis as a method of collecting data from malware that decreases the chance of success for such evasion techniques. From the data collected in the analysis phase, we use the C5.0 and Random Forest machine learning algorithms, implemented inside the FAMA framework, to identify and classify malware into two classes and into multiple categories. In our experiments, the unified analysis achieved an accuracy of 95.75% for the binary classification problem and 93.02% for the multiple categorization problem. In all experiments, the unified analysis produced better results than those obtained by static and dynamic analyses in isolation.

Index Terms:
Information Security, Malware, Static Analysis, Dynamic Analysis, Unified Analysis, Machine Learning   



