Security Bootcamp, profile picture
Uploaded bySecurity Bootcamp
PDF, PPTX10,009 views

Malware detection-using-machine-learning

This document discusses using machine learning and deep learning for malware detection. It notes that over 350,000 new malware are created daily, posing a significant threat. Traditional signature-based detection has limitations in detecting new malware. The document reviews research applying machine learning and deep learning techniques to malware detection using static and dynamic analysis of features. It then describes the authors' approach of using opcode frequency models with random forest and neural networks to classify files, achieving 97-98% precision and recall on a test set. The conclusion is that machine learning and deep learning can help address limitations of traditional approaches by enabling detection of new malware.

Technology
Related topics:
Cyber-Security

Embed presentation

Download as PDF, PPTX
http://www.free-powerpoint-templates-design.com Malware Detection using Machine learning & Deep Learning Minh Đức + Đình Phúc CyRadar Team at SBC 2019
Disclaimer: This topic is about Machine Learning & Deep Learning
Contents 1. Reality 2. In Research 3. In CyRadar 4. Demo 5. Conclusion 6. Q&A
1. Reality
over 350,000 new malware per day
- is a very big threat in today’s computing world. - continues to grow in volume and evolve in complexity. - a lot of malware generator. - The number of websites distributing the malware is increasing at an alarming rate and is getting out of control. Malware
- Signature-based: code, hash, behavior, rules,... Malware detection Advantages Disadvantages High accurancy Unable to detect new malware. Easy to bypass. Require update database frequenly. Rely on human expertise in creating the signatures
*A Theoretical Feature-wise Study of Malware Detection Techniques
2. In Research
1 Malware Detection using Machine Learning and Deep Learning | Hemant Rathore, Swati Agarwal, Sanjay K. Sahay and Mohit Sewak BITS, Pilani | Dept. of CS & IS, Goa Campus, Goa, India | 4 Apr 2019. 2 Malware Detection using Windows Api Sequence and Machine Learning | Chandrasekar Ravi, R Manoharan | Chandrasekar Ravi, R Manoharan | Department of Computer Science and Engineering, Pondicherry Engineering College,Pillaichavady, Puducherry - 605014, India | April 2012 3 DeepSign: Deep Learning for Automatic Malware Signature Generation and Classification | Eli (Omid) David | Dept. of Computer Science Bar-Ilan University | 23 Nov 2017 4 DeepAM: a heterogeneous deep learning framework for intelligent malware detection | Yanfang Ye1 · Lingwei Chen1 · Shifu Hou1 · William Hardy1 · Xin Li | 12 May 2016 5 Behavior-based features model for malware detection | Hisham Shehata Galal1 · Yousef Bassyouni Mahdy1 · Mohammed Ali Atiea1 | 12 December 2014 6 A Fast Malware Detection Algorithm Based on Objective-Oriented Association Mining | Yuxin Ding, Xuebing Yuan, Ke Tang, Xiao Xiao, Yibin Zhang | 19 January 2013
Machine learning principle Training phase Detection phase Extract features Benign/malware Training Predictive model Predictive model Unknow Model decision
Dataset: • VirusTotal. • Windows API library. • VxHeavens website. • Malicia project. • ... small, outdate data.
Malware detection Static analysis Dynamic analysis Features: • Raw Byte. • Strings. • Header • Metadata • Entropy • Opcodes • …. Features: • API calls • Resource usage • Ports • Host • Arguments • …..
Malware detection Static analysis Dynamic analysis Advantages: • Allows malicious files to be detected prior to execution. • Easy to run. • Fast identification. Advantages: • Detecting unconceived types of malware attacks. • Detecting the polymorphic malwares.
Malware detection Static analysis Dynamic analysis Disadvantages: • Failing to detect the polymorphic malwares. • Each model per sub-type. • Mistaken for encryption, fileless malwares,... Disadvantages: • Hard to extract feartures. • Storage complexity for behavioral patterns. • Time complexity.
Algorithms: • Supervised learning: • Decision tree. • Random forest. • Logistic Regression. • SVM. • Deep Learning • ... • Unsupervised learning: • KNN • A lot of algorithms have good results. (> 90%) • Random forest has best results.
1. CrowdStrike 2. Cylance 3. Endgame 4. MAX 5. Trapmine 6. SeintinelOne 7. Sophos ML The AV Industry
3. In CyRadar
PE32 files push xor …...... call jm 0.125 0.23 ….. 0.345 0.098 0.071 0.123 …. 0.32 0.22 Opcode frequency models • Binary classification problem • Static analysis
Opcode is the portion of a machine language instruction that specifies what operation is to be performed by the central processing unit (CPU).
Step 1: Collect data: • Download pages • Window's system files. • Virustotal. Benign Malware
Step 1: Collect data. Step 2: Data cleaning: 1. Remove dupplicated files. 2. Verify with virustotal's API. Source Number of files Crawl from download pages 10899 Windows 7 4804 Windows 8 7768 Windows 10 8394 Virustotal 44984 Benign Malware 31865 44984
Step 1: Collect data. Step 2: Data cleaning. Step 3: Extract features: 1. Disassembly files. 2. Calculate opcode's frequency. • Features matrix: 63730 files X 1230 opcode mov push …. xor and 120 150 ... 100 30 065 12 ... 239 123
Step 1: Collect data. Step 2: Preprocessing. Step 3: Extract features. Step 4: Data preprocessing: 1. Variance threshold (0.1) 2. Remove NANs • Features matrix: 50388 files X 681 opcode • Reduce ~45% features
Step 1: Collect data. Step 2: Preprocessing. Step 3: Extract features. Step 4: Data preprocessing: 1. Variance threshold (0.1) 2. Calculate opcode percentage. 3. Remove NANs. 4. Standardize features.
Step 1: Collect data. Step 2: Preprocessing. Step 3: Extract features. Step 4: Dimension reduction. Step 5: Training: 1. Split train-test data: • Train: (45349, 681) • Test : (5039, 681) 2. Try with algorithms: • Random forest. • SVM • Linear regression • Neural network (9 layers) Random forest Neural network
Step 1: Collect data. Step 2: Preprocessing. Step 3: Extract features. Step 4: Dimension reduction. Step 5: Training. Step 6: Evaluate models:
Step 1: Collect data. Step 2: Preprocessing. Step 3: Extract features. Step 4: Dimension reduction. Step 5: Training. Step 6: Evaluate models: • Testset: ~5000 files: • ~2900 malware • ~2100 benign Algorithm precision recall Random Forest (Machine Learning) 98% (1996/2037) 97% (2037/2100) Deep learning (DNN 9 Layers) 96% (1955/2037) 97% (2037/2100)
4. Demo
5. Conclusion 1. Malware is continues to grow in volume and evolve in complexity. 2. Traditional approaches is less effective to detect new malware. 3. There are a lot of research using ML & DL to detect malware. 4. Industries are trying to apply in to the real world products.
Internet Shield Advanced Threat Detection Web Email DNS EDR EDR Integrated to Threat Intelligence Platform
6. Q&A

More Related Content

PPTX
Malware classification using Machine Learning
byJapneet Singh
 
PPTX
Malware Classification and Analysis
byPrashant Chopra
 
PPT
Malware Detection using Machine Learning
byCysinfo Cyber Security Community
 
PPTX
Malware Detection Using Machine Learning Techniques
byArshadRaja786
 
ODP
Malware Dectection Using Machine learning
byShubham Dubey
 
PPTX
Presentation_Malware Analysis.pptx
bynishanth kurush
 
PDF
Machine Learning in Malware Detection
byKaspersky
 
PPTX
Malware Detection By Machine Learning Presentation.pptx
byalishapatidar2021
 
Malware classification using Machine Learning
byJapneet Singh
 
Malware Classification and Analysis
byPrashant Chopra
 
Malware Detection using Machine Learning
byCysinfo Cyber Security Community
 
Malware Detection Using Machine Learning Techniques
byArshadRaja786
 
Malware Dectection Using Machine learning
byShubham Dubey
 
Presentation_Malware Analysis.pptx
bynishanth kurush
 
Machine Learning in Malware Detection
byKaspersky
 
Malware Detection By Machine Learning Presentation.pptx
byalishapatidar2021
 

What's hot

PPTX
malware analysis
by20CS201AkashR
 
PPTX
Machine learning in Cyber Security
byRajathV2
 
PPTX
Malware Analysis
byRamin Farajpour Cami
 
PPTX
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
PPTX
Cyber security
byManjushree Mashal
 
PDF
Security and Privacy of Machine Learning
byPriyanka Aash
 
PDF
Fast detection of Android malware: machine learning approach
byYury Leonychev
 
PPTX
Machine Learning and Real-World Applications
byMachinePulse
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PPTX
Operating Systems: Computer Security
byDamian T. Gordon
 
PPTX
Malware analysis
byPrakashchand Suthar
 
PPTX
Fake News detection.pptx
bySanad Bhowmik
 
PPT
Intrusion detection system ppt
bySheetal Verma
 
PPTX
Ethical hacking
byGanesh Vadulekar
 
PPTX
Introduction to Deep Learning
byOswald Campesato
 
PDF
Ethical Hacking Tools
byMultisoft Virtual Academy
 
PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PPTX
Introduction to Malware Analysis
byAndrew McNicol
 
PPTX
Data security in cloud computing
byPrince Chandu
 
PPTX
System security
byinvertis university
 
malware analysis
by20CS201AkashR
 
Machine learning in Cyber Security
byRajathV2
 
Malware Analysis
byRamin Farajpour Cami
 
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
Cyber security
byManjushree Mashal
 
Security and Privacy of Machine Learning
byPriyanka Aash
 
Fast detection of Android malware: machine learning approach
byYury Leonychev
 
Machine Learning and Real-World Applications
byMachinePulse
 
Cyber Threat Intelligence
bymohamed nasri
 
Operating Systems: Computer Security
byDamian T. Gordon
 
Malware analysis
byPrakashchand Suthar
 
Fake News detection.pptx
bySanad Bhowmik
 
Intrusion detection system ppt
bySheetal Verma
 
Ethical hacking
byGanesh Vadulekar
 
Introduction to Deep Learning
byOswald Campesato
 
Ethical Hacking Tools
byMultisoft Virtual Academy
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
Introduction to Malware Analysis
byAndrew McNicol
 
Data security in cloud computing
byPrince Chandu
 
System security
byinvertis university
 

Similar to Malware detection-using-machine-learning

PDF
Malware Detection - A Machine Learning Perspective
byChong-Kuan Chen
 
PDF
Adversarial machine learning for av software
byjunseok seo
 
PPTX
malware detection ppt for vtu project and other final year project
byNaveenAd4
 
PPTX
Advanced Malware Detection Model Presentation
byvindumaurya90
 
PDF
Design and Development of an Efficient Malware Detection Using ML
bySiva krishnam raju Patsamatla
 
PPTX
savi technical ppt.pptx
by4GH20CS407POONAM
 
DOCX
A malware detection method for health sensor data based on machine learning
byjaigera
 
PPTX
Malware Classification Using Deep Learning
byKourosh Sajjadi
 
PPTX
Automated Malware Detection Project R1.pptx
bypraharsh23bcy10246
 
PDF
978-3-031-88653-9_74aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.pdf
byTrnHung5
 
PDF
Zero day malware detection
bysujeeshkumarj
 
PPTX
Presentation.pptx..................................
byShivakrishnan18
 
PDF
sensors-25-0115aaaaaaaaaaaaaaaaaaaaaaaaa3-v3.pdf
byTrnHung5
 
PDF
Fisher exact Boschloo and polynomial vector learning for malware detection
byIJECEIAES
 
PPTX
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
PDF
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
byijaia
 
PDF
IRJET - Survey on Malware Detection using Deep Learning Methods
byIRJET Journal
 
PPTX
Presentation (1).pptx
byRanjithCherry1
 
PPTX
Malware_SmartCom_2017
byFoodieBuddy
 
PDF
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
byIJNSA Journal
 
Malware Detection - A Machine Learning Perspective
byChong-Kuan Chen
 
Adversarial machine learning for av software
byjunseok seo
 
malware detection ppt for vtu project and other final year project
byNaveenAd4
 
Advanced Malware Detection Model Presentation
byvindumaurya90
 
Design and Development of an Efficient Malware Detection Using ML
bySiva krishnam raju Patsamatla
 
savi technical ppt.pptx
by4GH20CS407POONAM
 
A malware detection method for health sensor data based on machine learning
byjaigera
 
Malware Classification Using Deep Learning
byKourosh Sajjadi
 
Automated Malware Detection Project R1.pptx
bypraharsh23bcy10246
 
978-3-031-88653-9_74aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.pdf
byTrnHung5
 
Zero day malware detection
bysujeeshkumarj
 
Presentation.pptx..................................
byShivakrishnan18
 
sensors-25-0115aaaaaaaaaaaaaaaaaaaaaaaaa3-v3.pdf
byTrnHung5
 
Fisher exact Boschloo and polynomial vector learning for malware detection
byIJECEIAES
 
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
byijaia
 
IRJET - Survey on Malware Detection using Deep Learning Methods
byIRJET Journal
 
Presentation (1).pptx
byRanjithCherry1
 
Malware_SmartCom_2017
byFoodieBuddy
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
byIJNSA Journal
 

More from Security Bootcamp

PPTX
AI-ttacks - Nghiên cứu về một số tấn công vào các mô hình học máy và AI
bySecurity Bootcamp
 
PDF
Akamai_ API Security Best Practices - Real-world attacks and breaches
bySecurity Bootcamp
 
PDF
Let the Hunt Begin - Security Bootcamp 2024
bySecurity Bootcamp
 
PPTX
SBC2024_AI TRONG CYBER SECURITY_final.pptx
bySecurity Bootcamp
 
PDF
Modern Security Operations - Building and leading modern SOC
bySecurity Bootcamp
 
PDF
Detection as Code - Effective Approach to manage & optimize SOC Development
bySecurity Bootcamp
 
PPTX
DLL Sideloading cho mọi nhà - Security Bootcamp 2024
bySecurity Bootcamp
 
PDF
CyberJutsu - The Joern-ey of Static Code Analysis.pdf
bySecurity Bootcamp
 
PDF
Ẩn mình kết nối C&C - Xu hướng tấn công và cách phòng thủ
bySecurity Bootcamp
 
PDF
Phân tích một chiến dịch ransomware: Từ lan truyền đến tống tiền
bySecurity Bootcamp
 
PDF
Empowering Malware Analysis with IDA AppCall
bySecurity Bootcamp
 
PPTX
Cyber GenAI – Another Chatbot? - Trellix
bySecurity Bootcamp
 
PPTX
Security in the AI and Web3 era - Veramine
bySecurity Bootcamp
 
PPTX
Human and AI - Balancing Innovation and Data Privacy in the Age of Cyber Threats
bySecurity Bootcamp
 
PPTX
Robustness of Deep learning mode ls.pptx
bySecurity Bootcamp
 
PDF
Quản trị rủi ro nguồn mở tại các doanh nghiệp phần mềm Việt Nam
bySecurity Bootcamp
 
PDF
ĐỂ AI ĐƯỢC AN TOÀN, MINH BẠCH, CÓ TRÁCH NHIỆM VÀ ‘NHÂN TÍNH’ HƠN
bySecurity Bootcamp
 
PDF
Humanity and AI: Balancing Innovation and Data Privacy in the Age of Cyber Th...
bySecurity Bootcamp
 
PPTX
How to steal a drone Drone Hijacking - VNPT Cyber Immunity
bySecurity Bootcamp
 
PDF
Detection of Spreading Process on many assets over the network
bySecurity Bootcamp
 
AI-ttacks - Nghiên cứu về một số tấn công vào các mô hình học máy và AI
bySecurity Bootcamp
 
Akamai_ API Security Best Practices - Real-world attacks and breaches
bySecurity Bootcamp
 
Let the Hunt Begin - Security Bootcamp 2024
bySecurity Bootcamp
 
SBC2024_AI TRONG CYBER SECURITY_final.pptx
bySecurity Bootcamp
 
Modern Security Operations - Building and leading modern SOC
bySecurity Bootcamp
 
Detection as Code - Effective Approach to manage & optimize SOC Development
bySecurity Bootcamp
 
DLL Sideloading cho mọi nhà - Security Bootcamp 2024
bySecurity Bootcamp
 
CyberJutsu - The Joern-ey of Static Code Analysis.pdf
bySecurity Bootcamp
 
Ẩn mình kết nối C&C - Xu hướng tấn công và cách phòng thủ
bySecurity Bootcamp
 
Phân tích một chiến dịch ransomware: Từ lan truyền đến tống tiền
bySecurity Bootcamp
 
Empowering Malware Analysis with IDA AppCall
bySecurity Bootcamp
 
Cyber GenAI – Another Chatbot? - Trellix
bySecurity Bootcamp
 
Security in the AI and Web3 era - Veramine
bySecurity Bootcamp
 
Human and AI - Balancing Innovation and Data Privacy in the Age of Cyber Threats
bySecurity Bootcamp
 
Robustness of Deep learning mode ls.pptx
bySecurity Bootcamp
 
Quản trị rủi ro nguồn mở tại các doanh nghiệp phần mềm Việt Nam
bySecurity Bootcamp
 
ĐỂ AI ĐƯỢC AN TOÀN, MINH BẠCH, CÓ TRÁCH NHIỆM VÀ ‘NHÂN TÍNH’ HƠN
bySecurity Bootcamp
 
Humanity and AI: Balancing Innovation and Data Privacy in the Age of Cyber Th...
bySecurity Bootcamp
 
How to steal a drone Drone Hijacking - VNPT Cyber Immunity
bySecurity Bootcamp
 
Detection of Spreading Process on many assets over the network
bySecurity Bootcamp
 

Recently uploaded

PDF
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
PDF
Chapter 1 Introduction to Computer Security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
oracle_apex_tamil_export_an_application.pdf
byUthamaselvan M
 
PDF
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
PDF
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
PPTX
DATALIVA-Presentation-EN_2026 Budgeting SAP Odoo ERP
byMustafa Kuğu
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PPTX
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
PPTX
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
PDF
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
PPTX
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
PPTX
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
DOCX
Quercus semecarpifolia is widely recognized as a keystone species in alpine a...
byMadan Bhandari university and St. Xavier's college , Maitighar
 
PDF
Taxonomy Principles to Support Knowledge Management at a Not-for-Profit
byEnterprise Knowledge
 
PDF
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
PDF
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
Chapter 1 Introduction to Computer Security.pdf
byGetnet Tigabie Askale -(GM)
 
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
oracle_apex_tamil_export_an_application.pdf
byUthamaselvan M
 
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
DATALIVA-Presentation-EN_2026 Budgeting SAP Odoo ERP
byMustafa Kuğu
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
Quercus semecarpifolia is widely recognized as a keystone species in alpine a...
byMadan Bhandari university and St. Xavier's college , Maitighar
 
Taxonomy Principles to Support Knowledge Management at a Not-for-Profit
byEnterprise Knowledge
 
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 

Malware detection-using-machine-learning

  • 1.
    http://www.free-powerpoint-templates-design.com Malware Detection using Machinelearning & Deep Learning Minh Đức + Đình Phúc CyRadar Team at SBC 2019
  • 2.
    Disclaimer: This topicis about Machine Learning & Deep Learning
  • 3.
    Contents 1. Reality 2. InResearch 3. In CyRadar 4. Demo 5. Conclusion 6. Q&A
  • 4.
  • 5.
    over 350,000 newmalware per day
  • 6.
    - is avery big threat in today’s computing world. - continues to grow in volume and evolve in complexity. - a lot of malware generator. - The number of websites distributing the malware is increasing at an alarming rate and is getting out of control. Malware
  • 7.
    - Signature-based: code,hash, behavior, rules,... Malware detection Advantages Disadvantages High accurancy Unable to detect new malware. Easy to bypass. Require update database frequenly. Rely on human expertise in creating the signatures
  • 8.
    *A Theoretical Feature-wiseStudy of Malware Detection Techniques
  • 9.
  • 10.
    1 Malware Detectionusing Machine Learning and Deep Learning | Hemant Rathore, Swati Agarwal, Sanjay K. Sahay and Mohit Sewak BITS, Pilani | Dept. of CS & IS, Goa Campus, Goa, India | 4 Apr 2019. 2 Malware Detection using Windows Api Sequence and Machine Learning | Chandrasekar Ravi, R Manoharan | Chandrasekar Ravi, R Manoharan | Department of Computer Science and Engineering, Pondicherry Engineering College,Pillaichavady, Puducherry - 605014, India | April 2012 3 DeepSign: Deep Learning for Automatic Malware Signature Generation and Classification | Eli (Omid) David | Dept. of Computer Science Bar-Ilan University | 23 Nov 2017 4 DeepAM: a heterogeneous deep learning framework for intelligent malware detection | Yanfang Ye1 · Lingwei Chen1 · Shifu Hou1 · William Hardy1 · Xin Li | 12 May 2016 5 Behavior-based features model for malware detection | Hisham Shehata Galal1 · Yousef Bassyouni Mahdy1 · Mohammed Ali Atiea1 | 12 December 2014 6 A Fast Malware Detection Algorithm Based on Objective-Oriented Association Mining | Yuxin Ding, Xuebing Yuan, Ke Tang, Xiao Xiao, Yibin Zhang | 19 January 2013
  • 11.
    Machine learning principle Trainingphase Detection phase Extract features Benign/malware Training Predictive model Predictive model Unknow Model decision
  • 12.
    Dataset: • VirusTotal. • WindowsAPI library. • VxHeavens website. • Malicia project. • ... small, outdate data.
  • 13.
    Malware detection Static analysisDynamic analysis Features: • Raw Byte. • Strings. • Header • Metadata • Entropy • Opcodes • …. Features: • API calls • Resource usage • Ports • Host • Arguments • …..
  • 14.
    Malware detection Static analysisDynamic analysis Advantages: • Allows malicious files to be detected prior to execution. • Easy to run. • Fast identification. Advantages: • Detecting unconceived types of malware attacks. • Detecting the polymorphic malwares.
  • 15.
    Malware detection Static analysisDynamic analysis Disadvantages: • Failing to detect the polymorphic malwares. • Each model per sub-type. • Mistaken for encryption, fileless malwares,... Disadvantages: • Hard to extract feartures. • Storage complexity for behavioral patterns. • Time complexity.
  • 16.
    Algorithms: • Supervised learning: •Decision tree. • Random forest. • Logistic Regression. • SVM. • Deep Learning • ... • Unsupervised learning: • KNN • A lot of algorithms have good results. (> 90%) • Random forest has best results.
  • 17.
    1. CrowdStrike 2. Cylance 3.Endgame 4. MAX 5. Trapmine 6. SeintinelOne 7. Sophos ML The AV Industry
  • 18.
  • 19.
    PE32 files push xor…...... call jm 0.125 0.23 ….. 0.345 0.098 0.071 0.123 …. 0.32 0.22 Opcode frequency models • Binary classification problem • Static analysis
  • 20.
    Opcode is the portionof a machine language instruction that specifies what operation is to be performed by the central processing unit (CPU).
  • 21.
    Step 1: Collectdata: • Download pages • Window's system files. • Virustotal. Benign Malware
  • 22.
    Step 1: Collectdata. Step 2: Data cleaning: 1. Remove dupplicated files. 2. Verify with virustotal's API. Source Number of files Crawl from download pages 10899 Windows 7 4804 Windows 8 7768 Windows 10 8394 Virustotal 44984 Benign Malware 31865 44984
  • 23.
    Step 1: Collectdata. Step 2: Data cleaning. Step 3: Extract features: 1. Disassembly files. 2. Calculate opcode's frequency. • Features matrix: 63730 files X 1230 opcode mov push …. xor and 120 150 ... 100 30 065 12 ... 239 123
  • 24.
    Step 1: Collectdata. Step 2: Preprocessing. Step 3: Extract features. Step 4: Data preprocessing: 1. Variance threshold (0.1) 2. Remove NANs • Features matrix: 50388 files X 681 opcode • Reduce ~45% features
  • 25.
    Step 1: Collectdata. Step 2: Preprocessing. Step 3: Extract features. Step 4: Data preprocessing: 1. Variance threshold (0.1) 2. Calculate opcode percentage. 3. Remove NANs. 4. Standardize features.
  • 26.
    Step 1: Collectdata. Step 2: Preprocessing. Step 3: Extract features. Step 4: Dimension reduction. Step 5: Training: 1. Split train-test data: • Train: (45349, 681) • Test : (5039, 681) 2. Try with algorithms: • Random forest. • SVM • Linear regression • Neural network (9 layers) Random forest Neural network
  • 27.
    Step 1: Collectdata. Step 2: Preprocessing. Step 3: Extract features. Step 4: Dimension reduction. Step 5: Training. Step 6: Evaluate models:
  • 28.
    Step 1: Collectdata. Step 2: Preprocessing. Step 3: Extract features. Step 4: Dimension reduction. Step 5: Training. Step 6: Evaluate models: • Testset: ~5000 files: • ~2900 malware • ~2100 benign Algorithm precision recall Random Forest (Machine Learning) 98% (1996/2037) 97% (2037/2100) Deep learning (DNN 9 Layers) 96% (1955/2037) 97% (2037/2100)
  • 29.
  • 30.
    5. Conclusion 1. Malwareis continues to grow in volume and evolve in complexity. 2. Traditional approaches is less effective to detect new malware. 3. There are a lot of research using ML & DL to detect malware. 4. Industries are trying to apply in to the real world products.
  • 31.
  • 32.