
Detection of Malicious Binaries by Applying Machine Learning Models on Static and Dynamic Artefacts

Chukka, AR and Devi, VS (2021) Detection of Malicious Binaries by Applying Machine Learning Models on Static and Dynamic Artefacts. In: 6th International Conference on Internet of Things, Big Data and Security, IoTBDS 2021, 23 - 25 April 2021, Virtual, Online, pp. 29-37.

Full text not available from this repository.
Official URL: https://doi.org/10.5220/0010379600290037

Abstract

In recent times, malware attacks on government and private organizations have been rising. These attacks are carried out to steal confidential information, which leads to loss of privacy, intellectual property disputes and loss of revenue. The attacks are sophisticated and are described as Advanced Persistent Threats (APTs). The payloads used in attacks of this type are polymorphic and metamorphic in nature and contain stealth and rootkit components. As a result, conventional defence mechanisms such as rule-based and signature-based methods fail to detect this malware. Modern approaches therefore rely on static and dynamic analysis to detect sophisticated malware. However, this process generates very large log files, and a domain expert must review these logs to classify a binary as malicious or benign, which is tedious, time-consuming and expensive. Our work uses machine learning models, trained on datasets created from the analysis logs, to overcome these problems. In this paper a number of supervised machine learning models are presented that classify a binary as malicious or benign. We used an automated malware analysis framework to collect run-time behavioural artefacts. The static analysis focuses mainly on collecting binary meta-information, import functions and opcode sequences. The dataset was created by collecting malware from online sources and benign files from the Windows operating system and third-party software. © 2021 by SCITEPRESS - Science and Technology Publications, Lda.
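The abstract describes a pipeline rather than an algorithm: static artefacts (PE meta-information, imported functions, opcode sequences) and dynamic artefacts (run-time API call sequences) are turned into a labelled dataset, and supervised classifiers such as Naive Bayes, k-nearest neighbours, random forests and SVMs are trained on it. The block below is an added illustration written for this page, not the authors' code, and the paper's actual features, parameters and data are not available here. It encodes each artefact type as presence features (opcode and API bigrams, import names, meta flags), trains a Bernoulli Naive Bayes classifier implemented from scratch, and classifies two unseen binaries. All sample artefacts are constructed for the example and are not taken from real analysis logs; the class names `Sample` and `BernoulliNB` and the feature prefixes are the example's own choices.

```python
"""Added example: static and dynamic artefacts -> presence features -> Naive Bayes.
Illustrative code for this page, not the paper's implementation. All artefacts
below are constructed samples, deliberately separable, not real analysis output."""
from __future__ import annotations

import math
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Sample:
    """Artefacts one analysis run yields for a single binary (constructed)."""
    label: int | None                 # 1 = malicious, 0 = benign, None = unlabelled
    imports: list[str]                # static: imported API names
    opcodes: list[str]                # static: disassembled opcode mnemonics
    api_calls: list[str]              # dynamic: run-time API call sequence
    meta: dict[str, int] = field(default_factory=dict)  # static: PE meta flags


def ngrams(seq: list[str], n: int) -> list[str]:
    """Sliding n-grams joined with '|' so they can be used as feature names."""
    return ["|".join(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def features(s: Sample, n: int = 2) -> set[str]:
    """Binary presence features, prefixed by source so that an import named
    'CreateFileW' is not confused with a run-time call of the same API."""
    f = {f"imp:{x}" for x in s.imports}
    f |= {f"op:{x}" for x in ngrams(s.opcodes, n)}
    f |= {f"api:{x}" for x in ngrams(s.api_calls, n)}
    f |= {f"meta:{k}" for k, v in s.meta.items() if v}
    return f


class BernoulliNB:
    """Bernoulli Naive Bayes with Laplace (add-one) smoothing over presence features."""

    def fit(self, samples: list[Sample]) -> "BernoulliNB":
        self.classes = sorted({s.label for s in samples})
        self.vocab = set().union(*(features(s) for s in samples))
        self.prior: dict[int, float] = {}
        self.cond: dict[int, dict[str, float]] = {}   # P(feature present | class)
        for c in self.classes:
            rows = [features(s) for s in samples if s.label == c]
            self.prior[c] = len(rows) / len(samples)
            counts = Counter(x for r in rows for x in r)
            self.cond[c] = {x: (counts[x] + 1) / (len(rows) + 2) for x in self.vocab}
        return self

    def log_posterior(self, s: Sample) -> dict[int, float]:
        present = features(s) & self.vocab      # unseen features carry no evidence
        out = {}
        for c in self.classes:
            lp = math.log(self.prior[c])
            for x in self.vocab:
                p = self.cond[c][x]
                lp += math.log(p if x in present else 1.0 - p)
            out[c] = lp
        return out

    def predict(self, s: Sample) -> int:
        lp = self.log_posterior(s)
        return max(lp, key=lp.get)


# Constructed training set: three "process injector" style binaries and three
# ordinary file/GUI utilities. Labels are part of the construction, not ground truth.
TRAINING = [
    Sample(1, ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "IsDebuggerPresent"],
           ["push", "call", "xor", "xor", "jmp"],
           ["IsDebuggerPresent", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "RegSetValueExA"],
           {"packed": 1, "has_tls_callback": 1}),
    Sample(1, ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "GetTickCount"],
           ["xor", "xor", "jmp", "call", "ret"],
           ["GetTickCount", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "InternetOpenUrlA"],
           {"packed": 1, "has_tls_callback": 0}),
    Sample(1, ["IsDebuggerPresent", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
           ["push", "xor", "xor", "jmp", "jmp"],
           ["IsDebuggerPresent", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "RegSetValueExA"],
           {"packed": 0, "has_tls_callback": 1}),
    Sample(0, ["GetMessageW", "DispatchMessageW", "CreateFileW", "ReadFile", "CloseHandle"],
           ["push", "mov", "call", "mov", "ret"],
           ["CreateFileW", "ReadFile", "CloseHandle", "GetMessageW", "DispatchMessageW"]),
    Sample(0, ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"],
           ["mov", "push", "call", "mov", "ret"],
           ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"]),
    Sample(0, ["GetMessageW", "DispatchMessageW", "TranslateMessage", "CloseHandle"],
           ["push", "mov", "mov", "call", "ret"],
           ["GetMessageW", "TranslateMessage", "DispatchMessageW"]),
]

# Two unlabelled binaries to classify (also constructed).
UNKNOWN_INJECTOR = Sample(None, ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
                          ["xor", "xor", "jmp"],
                          ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"], {"packed": 1})
UNKNOWN_EDITOR = Sample(None, ["CreateFileW", "ReadFile", "CloseHandle"],
                        ["push", "mov", "call", "ret"],
                        ["CreateFileW", "ReadFile", "CloseHandle"])


def demo() -> tuple[int, int]:
    """Train on the constructed set and return (injector_label, editor_label)."""
    model = BernoulliNB().fit(TRAINING)
    return model.predict(UNKNOWN_INJECTOR), model.predict(UNKNOWN_EDITOR)


if __name__ == "__main__":
    print(demo())
```

Prefixing features by their origin matters in practice: an API that appears in the import table but is never called at run time (or is called but resolved dynamically and therefore absent from the import table) is exactly the kind of discrepancy that distinguishes packed or evasive payloads from ordinary software, and merging the two sources would erase it.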

Item Type: Conference Paper
Publication: International Conference on Internet of Things, Big Data and Security, IoTBDS - Proceedings
Publisher: Science and Technology Publications, Lda
Additional Information: The copyright for this article belongs to the Science and Technology Publications, Lda
Keywords: Decision trees; Information systems; Information use; Malware; Nearest neighbor search; Neural networks; Static analysis; Windows operating system; API sequence; File meta information; Import function; K-near neighbor; Machine learning models; Malware analysis; Malware detection; Malware operational pattern; Malwares; Meta information; Naive bayes; Nearest-neighbour; Op-code sequence; Operational patterns; Portable Executables; Random forests; Support vectors machine; Support vector machines
Department/Centre: Division of Electrical Sciences > Computer Science & Automation
Date Deposited: 07 Oct 2022 10:09
Last Modified: 07 Oct 2022 10:09
URI: https://eprints.iisc.ac.in/id/eprint/77266
