Analysis of Malware behavior: Type classification using machine learning

2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2015

Volumn , Issue , 2015, Pages

  Pirscoveanu, Radu S ^a   Hansen, Steven S ^a   Larsen, Thor M T ^a   Stevanovic, Matija ^a   Pedersen, Jens Myrup ^a   Czech, Alexandre ^b  

^a AALBORG UNIVERSITY   (Denmark)

^b Ecole Centrale Electroniques   (France)

Author keywords

API call; Cuckoo sandbox; dynamic analysis; feature selection; Malware; Random Forests; scalability; supervised machine learning; type classification

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTER CRIME; DECISION TREES; DYNAMIC ANALYSIS; FEATURE EXTRACTION; LEARNING SYSTEMS; SCALABILITY; SUPERVISED LEARNING;

API CALLS; CUCKOO SANDBOX; RANDOM FORESTS; SUPERVISED MACHINE LEARNING; TYPE CLASSIFICATIONS;

MALWARE;

EID: 84963741993     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CyberSA.2015.7166115     Document Type: Conference Paper

References (16)

1. Avast. "Avast 2015." Internet: https://www.avast.com, 2015 [Feb. 22, 2015].
2. AV-test, Malware, 2014. The Independent IT-Security Institute 2014. http://www.av-test.org/en/statistics/malware/[Feb. 22, 2015].
3. A. Czech, R. S. Pirscoveanu, S. S. Hansen and T. M. T. Larsen Analysis of Malware Behavior: Type Classification using Machine Learning, 2014 Aalborg, Denmark.
4. Cuckoo Foundation. "Automated Malware Analysis-Cuckoo Sandbox." Internet: http://www.cuckoosandbox.org/, 2014 [Feb. 22, 2015].
5. K. Rieck, T. Holz, C. Willems, P. Düssel and P. Laskov Learning and Classification of Malware Behavior, 5th Int. Conf. DIMVA 2008 Paris, France: Springer, 2012.
6. K. Rieck, P. Trinius, C. Willems and T. Holz Automatic of Analysis of Malware Behavior using Machine Learning, 19th Vol. Issue 4 Jour. of Comp. Sec. 2011 Amsterdam, The Netherlands: IOS Press Amsterdam, 2012.
7. L. Breiman. (2001, Jan.). Random Forests. [Online]. Available:http://oz. berkeley.edu/-breiman/randomforest2001 [Feb. 22, 2015].
8. M. Alazab, S. Venkataraman and P. Watters, Towards Understanding Malware Behaviour by the Extraction of API calls, 2nd CTC 2010 Ballarat (VIC), Australia: IEEE, 2012.
9. M. Platts. "The Network Connection Status Icon." Internet: http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx, Dec. 20, 2012 [Feb. 22, 2015].
10. R. Tian, R. Islam, L. Battern and S. Versteeg, Differentiating Malware from Cleanware Using Behavioral Analysis, 5th Int. Conf. on Malicious and unwanted Software Nancy, France: IEEE, 2010.
11. T. Hungenberg, M. Eckert. "INetSim: Internet Services Simulation Suite." Internet: http://www.inetsim.org/, 2014 [Feb. 22, 2015].
12. U. Bayer, E. Kirda, C. Kruegel Improving the Efficiency of Dynamic Malware Analysis, 25th Symposium On Applied Computing (SAC), Track on Information Security Research and Applications Lusanne, Switzerland, 2010.
13. VirusShare. "VirusShare.com-Because Sharing is Caring." Internet: http://virusshare.com/, Feb. 22, 2015 [Feb. 22, 2015].
14. VirusTotal. "virustotal." Internet: https://www.virustotal.com/, 2015 [Feb. 22, 2015].
15. WEKA. "Weka 3: Data Mining Software in Java." Internet: http://www. cs.waikato.ac.nz/ml/weka/, 2014 [Feb. 22, 2015].
16. Z. Selehi, M. Ghiasi and A. Sami, A miner for malware detection based on api function calls and their arguments, 16th AISP 2012 Shiraz, Fars: IEEE, 2012.