Using Static and Dynamic Malware features to perform Malware Ascription
Jashanpreet Singh Sraw, Keshav Kumar

TL;DR
This paper classifies malware samples into families using static features taken from VirusTotal reports and dynamic features taken from Cuckoo Sandbox reports, feeding the combined feature vectors to machine-learning classifiers with exhaustive hyper-parameter search, as a step toward malware ascription (attributing malware to its authors).
Contribution
It introduces a combined static and dynamic feature approach with machine learning for malware ascription, which is a relatively unexplored area.
Findings
Effective classification of malware families using combined features.
Support Vector Machine achieved high accuracy in malware ascription.
Hyper-parameter tuning improved classifier performance.
Abstract
Malware ascription is a relatively unexplored area, and it is rather difficult to attribute malware and detect authorship. In this paper, we employ various static and dynamic features of malicious executables to classify malware by family. We leverage Cuckoo Sandbox and machine learning to make progress in this research. After analysis, classification is performed using various deep learning and machine learning algorithms. Using the features gathered from VirusTotal (static) and Cuckoo (dynamic) reports, we ran the vectorized data against Multinomial Naive Bayes, Support Vector Machine, and Bagging using decision trees as the base estimator. For each classifier, we tuned the hyper-parameters using exhaustive search methods. Our reports can be extremely useful in malware ascription.
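The following is an added worked example, not code from the paper, of the pipeline the abstract describes: static (VirusTotal-style) and dynamic (Cuckoo-style) report features are flattened into one namespaced token-count vector per sample, a Multinomial Naive Bayes classifier is trained on family labels, and the smoothing hyper-parameter is chosen by exhaustive search with leave-one-out validation. The report fields (`imports`, `sections`, `apis`, `files`, `regkeys`) are simplified assumptions rather than the real VirusTotal or Cuckoo JSON schemas, the six samples are constructed toy data, and only the Naive Bayes classifier is implemented here; the SVM and bagged decision trees of the paper would be substituted via a library such as scikit-learn.

```python
"""Added example (not the paper's code): combine static (VirusTotal-style) and
dynamic (Cuckoo-style) report features into one count vector per sample, train
Multinomial Naive Bayes on malware-family labels, and tune the smoothing
hyper-parameter by exhaustive search with leave-one-out validation.
Report shapes and every sample below are constructed toy data."""
import math
from collections import Counter

SECTIONS = [".text", ".rdata"]  # present in every sample: carries no family signal
RUN_KEY = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"


def toy(family, imports, apis, files=(), regkeys=()):
    """Build one constructed (family, static_report, dynamic_report) triple."""
    return (family, {"imports": imports, "sections": SECTIONS},
            {"apis": apis, "files": list(files), "regkeys": list(regkeys)})


SAMPLES = [  # constructed toy corpus, two families, three samples each
    toy("ransomware", ["CryptEncrypt", "CryptGenKey", "CreateFileW", "FindFirstFileW"],
        ["CryptEncrypt", "DeleteFileW", "CreateFileW"], ["C:\\Users\\u\\report.docx.locked"]),
    toy("ransomware", ["CryptEncrypt", "CryptGenKey", "CreateFileW"],
        ["CryptEncrypt", "DeleteFileW", "CreateFileW", "MoveFileW"], ["C:\\Users\\u\\budget.xlsx.locked"]),
    toy("ransomware", ["CryptEncrypt", "CryptGenKey", "CryptAcquireContextW", "CreateFileW"],
        ["CryptEncrypt", "DeleteFileW", "CreateFileW"], ["D:\\share\\notes.txt.locked"]),
    toy("banker", ["InternetOpenA", "HttpSendRequestA", "GetAsyncKeyState", "CreateFileW"],
        ["InternetOpenA", "SetWindowsHookExA", "CreateFileW"], regkeys=[RUN_KEY]),
    toy("banker", ["InternetOpenA", "HttpSendRequestA", "CreateFileW"],
        ["InternetOpenA", "SetWindowsHookExA", "WriteProcessMemory", "CreateFileW"], regkeys=[RUN_KEY]),
    toy("banker", ["InternetOpenA", "HttpSendRequestA", "InternetReadFile", "CreateFileW"],
        ["InternetOpenA", "SetWindowsHookExA", "CreateFileW"], regkeys=[RUN_KEY]),
]


def featurize(vt, cuckoo):
    """Flatten a static (vt) and a dynamic (cuckoo) report into one bag of
    namespaced tokens. Either report may be None (sandbox timeout, no VT hit);
    a missing source simply contributes no tokens instead of breaking the vector."""
    feats = Counter()
    if vt:
        feats.update(f"vt:import:{i}" for i in vt.get("imports", []))
        feats.update(f"vt:section:{s}" for s in vt.get("sections", []))
    if cuckoo:
        feats.update(f"ck:api:{a}" for a in cuckoo.get("apis", []))
        # Reduce dropped-file paths to their extension so the token generalises across victims.
        feats.update("ck:ext:" + p.rsplit(".", 1)[-1].lower() for p in cuckoo.get("files", []))
        feats.update(f"ck:reg:{k}" for k in cuckoo.get("regkeys", []))
    return feats


class MultinomialNB:
    """Multinomial Naive Bayes with additive (Laplace/Lidstone) smoothing alpha."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha

    def fit(self, X, y):
        self.vocab = {t for x in X for t in x}
        self.class_counts = Counter(y)
        self.token_counts = {c: Counter() for c in self.class_counts}
        for x, c in zip(X, y):
            self.token_counts[c].update(x)
        self.totals = {c: sum(tc.values()) for c, tc in self.token_counts.items()}
        return self

    def log_proba(self, x):
        n, v = sum(self.class_counts.values()), len(self.vocab)
        scores = {}
        for c, nc in self.class_counts.items():
            denom = self.totals[c] + self.alpha * v
            lp = math.log(nc / n)  # class prior
            for tok, cnt in x.items():  # tokens unseen in training fall back to alpha / denom
                lp += cnt * math.log((self.token_counts[c][tok] + self.alpha) / denom)
            scores[c] = lp
        return scores

    def predict(self, x):
        return max(self.log_proba(x).items(), key=lambda kv: kv[1])[0]


def build_dataset(samples=SAMPLES):
    return [featurize(vt, ck) for _, vt, ck in samples], [fam for fam, _, _ in samples]


def leave_one_out_accuracy(alpha, X, y):
    """Hold out each sample in turn; small malware corpora make this preferable to a single split."""
    hits = 0
    for i in range(len(X)):
        clf = MultinomialNB(alpha).fit(X[:i] + X[i + 1:], y[:i] + y[i + 1:])
        hits += clf.predict(X[i]) == y[i]
    return hits / len(X)


def grid_search(X, y, alphas=(0.01, 0.1, 0.5, 1.0, 2.0)):
    """Exhaustive search over alpha. Ties go to the largest alpha (most smoothing),
    the more conservative choice when several settings fit the training data equally."""
    results = {a: leave_one_out_accuracy(a, X, y) for a in alphas}
    return max(alphas, key=lambda a: (results[a], a)), results


if __name__ == "__main__":
    X, y = build_dataset()
    best, results = grid_search(X, y)
    print("leave-one-out accuracy per alpha:", results, "-> chosen alpha:", best)
    clf = MultinomialNB(best).fit(X, y)
    # Cuckoo-only sample (no static report available) still gets a prediction.
    print(clf.predict(featurize(None, {"apis": ["CryptEncrypt", "DeleteFileW"], "files": ["x.pdf.locked"]})))
```

Prefixing every token with its source (`vt:` or `ck:`) is what makes the combination meaningful: an import of `CryptEncrypt` seen statically and a call to `CryptEncrypt` observed in the sandbox stay distinct features, so the classifier can learn that a sample which imports but never calls an API behaves differently from one that does. On a real corpus, the same grid should also sweep the classifier choice and the feature-source subset (static only, dynamic only, both), which is how the combined-feature claim would be evaluated rather than assumed.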
