• DocumentCode
    692492
  • Title
    Malware Automatic Analysis
  • Author
    Borges de Andrade, Cesar Augusto ; Gomes de Mello, Claudio ; Duarte, Julio Cesar
  • Author_Institution
    Comput. Eng. Dept., Mil. Eng. Inst. (IME), Rio de Janeiro, Brazil
  • fYear
    2013
  • fDate
    8-11 Sept. 2013
  • Firstpage
    681
  • Lastpage
    686
  • Abstract
    Malicious code analysis allows the behavioural characteristics of malware to be identified: how it acts in the operating system, which obfuscation techniques it uses, which execution flows lead to its primary intended behaviour, its use of network operations, file download operations, capture of user and system information, access to records, and other activities. The goal is to learn how the malware works and to derive ways to identify new malicious software with similar behaviour, as well as ways to defend against it. Manual analysis for signature generation has become impractical, since it takes far more time than the speed at which new malware is created and disseminated. This paper therefore proposes the use of sandbox techniques together with machine learning techniques to automate the identification of malicious software in this context. Besides presenting a different and faster approach to malware detection, the paper reports an accuracy of over 90% on the malware identification task.
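    The pipeline the abstract describes (sandbox behaviour report, behaviour features, supervised classifier, accuracy measurement) in miniature. This is an added example, not the authors' code: the API-to-behaviour rules, the feature names, the hand-made "sandbox reports" (synthetic, not real traces) and the choice of a Bernoulli naive Bayes classifier are all assumptions made for illustration, and the accuracy it prints says nothing about the paper's result.

```python
"""Sandbox report -> behaviour features -> naive Bayes malware classifier.

Added illustration of the pipeline in the abstract; every rule, feature name,
report and the classifier choice here is an assumption, not the paper's method.
"""
from __future__ import annotations

import math
from collections import Counter
from typing import Iterable


def featurize(events: Iterable[tuple[str, str]]) -> frozenset[str]:
    """Map raw (API, argument) sandbox events to coarse behaviour tokens."""
    feats: set[str] = set()
    for api, arg in events:
        a = arg.lower()
        if api in ("connect", "send", "recv"):
            feats.add("net_ops")
        elif api in ("URLDownloadToFile", "InternetReadFile"):
            feats.add("file_download")
        elif api == "RegSetValue" and "\\run\\" in a:
            feats.add("run_key_persistence")  # autorun entry, not plain registry use
        elif api in ("RegSetValue", "RegQueryValue"):
            feats.add("registry_access")
        elif api in ("GetAsyncKeyState", "SetWindowsHookEx"):
            feats.add("keystroke_capture")
        elif api in ("WriteProcessMemory", "CreateRemoteThread"):
            feats.add("process_injection")
        elif api == "CreateProcess":
            feats.add("spawn_process")
        elif api in ("GetComputerName", "GetUserName"):
            feats.add("system_info_capture")
        elif api == "WriteFile" and ("\\temp\\" in a or "\\appdata\\" in a):
            feats.add("write_temp_dir")
    return frozenset(feats)


RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
TMP = r"C:\Users\u\AppData\Local\Temp"

# Constructed sandbox-style reports (synthetic, not real traces): label, events.
REPORTS = {
    "mal_01": ("malware", [("connect", "198.51.100.7:443"), ("URLDownloadToFile", "http://198.51.100.7/p.exe"),
                           ("RegSetValue", "HKCU" + RUN + r"\upd"), ("GetAsyncKeyState", ""),
                           ("CreateProcess", TMP + r"\p.exe")]),
    "mal_02": ("malware", [("connect", "203.0.113.5:8080"), ("InternetReadFile", "http://203.0.113.5/s.bin"),
                           ("WriteFile", TMP + r"\s.bin"), ("WriteProcessMemory", "explorer.exe"),
                           ("CreateRemoteThread", "explorer.exe"),
                           ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid")]),
    "mal_03": ("malware", [("GetComputerName", ""), ("GetUserName", ""), ("SetWindowsHookEx", "WH_KEYBOARD_LL"),
                           ("WriteFile", r"C:\Users\u\AppData\Roaming\k.log"), ("send", "203.0.113.9:443"),
                           ("RegSetValue", "HKLM" + RUN + r"\svc")]),
    "mal_04": ("malware", [("recv", "198.51.100.20:443"), ("URLDownloadToFile", "http://198.51.100.20/m.dll"),
                           ("CreateProcess", "rundll32.exe m.dll,Start"), ("WriteProcessMemory", "svchost.exe"),
                           ("RegSetValue", "HKCU" + RUN + r"\m")]),
    "mal_05": ("malware", [("GetComputerName", ""), ("connect", "203.0.113.77:80"),
                           ("InternetReadFile", "http://203.0.113.77/cfg"), ("WriteFile", TMP + r"\cfg.dat"),
                           ("RegSetValue", "HKCU" + RUN + r"\cfg")]),
    "mal_06": ("malware", [("GetAsyncKeyState", ""), ("WriteFile", r"C:\Windows\Temp\buf.tmp"),
                           ("CreateRemoteThread", "winlogon.exe"), ("send", "198.51.100.33:443"),
                           ("RegQueryValue", r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip")]),
    "ben_01": ("benign", [("RegQueryValue", r"HKCU\Software\Acme\Editor\Theme"),
                          ("CreateProcess", r"C:\Program Files\Acme\helper.exe")]),
    "ben_02": ("benign", [("connect", "192.0.2.10:443"), ("RegQueryValue", r"HKLM\SOFTWARE\Acme\Version")]),
    "ben_03": ("benign", [("GetUserName", ""), ("RegSetValue", r"HKCU\Software\Acme\LastUser")]),
    "ben_04": ("benign", [("CreateProcess", r"C:\Windows\System32\notepad.exe")]),
    "ben_05": ("benign", [("RegQueryValue", r"HKLM\SOFTWARE\Acme\UpdateURL"), ("recv", "192.0.2.10:443"),
                          ("CreateProcess", r"C:\Program Files\Acme\updater.exe")]),
    "ben_06": ("benign", [("RegSetValue", r"HKCU\Software\Acme\WindowPos")]),
}


class BernoulliNB:
    """Bernoulli naive Bayes over binary behaviour features, add-one smoothed."""

    def fit(self, samples: list[tuple[str, frozenset[str]]]) -> "BernoulliNB":
        n_c = Counter(lbl for lbl, _ in samples)
        self.vocab = sorted({f for _, fs in samples for f in fs})
        self.log_prior = {c: math.log(n / len(samples)) for c, n in n_c.items()}
        self.cond = {}
        for c, n in n_c.items():
            cnt = Counter(f for lbl, fs in samples if lbl == c for f in fs)
            self.cond[c] = {f: (cnt[f] + 1) / (n + 2) for f in self.vocab}  # P(f present | c)
        return self

    def log_scores(self, feats: frozenset[str]) -> dict[str, float]:
        out = {}
        for c, lp in self.log_prior.items():
            s = lp
            for f in self.vocab:  # an absent feature is evidence too
                p = self.cond[c][f]
                s += math.log(p if f in feats else 1.0 - p)
            out[c] = s
        return out

    def predict(self, feats: frozenset[str]) -> str:
        s = self.log_scores(feats)
        return max(s, key=s.get)


DATASET = [(lbl, featurize(ev)) for lbl, ev in REPORTS.values()]


def leave_one_out_accuracy(dataset=DATASET) -> float:
    """Hold each report out in turn, train on the rest, score the held-out one."""
    hits = 0
    for i, (lbl, feats) in enumerate(dataset):
        hits += BernoulliNB().fit(dataset[:i] + dataset[i + 1:]).predict(feats) == lbl
    return hits / len(dataset)


def classify_report(events: Iterable[tuple[str, str]]) -> str:
    """Train on every labelled report, then label one new sandbox report."""
    return BernoulliNB().fit(DATASET).predict(featurize(events))


if __name__ == "__main__":
    print(f"leave-one-out accuracy: {leave_one_out_accuracy():.2f}")
    unseen = [("URLDownloadToFile", "http://203.0.113.40/x.exe"), ("WriteFile", TMP + r"\x.exe"),
              ("RegSetValue", "HKCU" + RUN + r"\x"), ("connect", "203.0.113.40:443")]
    print("unseen report ->", classify_report(unseen))
```

    Two things the toy makes visible that the abstract only states: the features are behaviours (a download followed by a Run-key write), not byte signatures, so a repacked sample with the same behaviour scores the same; and the evaluation must hold out the sample being scored, otherwise the accuracy figure is meaningless. A real deployment would replace the hand-written rule table with features derived from the sandbox's own report schema and use a far larger, independently labelled corpus.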
  • Keywords
    invasive software; learning (artificial intelligence); machine learning techniques; malicious code analysis; malicious softwares; malware automatic analysis; malware behavior characteristics; malware detection; malware dissemination; malware identification; obfuscation techniques; operating system; sandbox techniques; signature generation; software identification; Computational intelligence; Malware; machine learning; malware; sandbox;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computational Intelligence and 11th Brazilian Congress on Computational Intelligence (BRICS-CCI & CBIC), 2013 BRICS Congress on
  • Conference_Location
    Ipojuca
  • Type
    conf
  • DOI
    10.1109/BRICS-CCI-CBIC.2013.119
  • Filename
    6855928