Support Vector Machine for Malware Analysis and Classification

Malware is widely used to disrupt computer operation, gain access to users´ computer systems or gather sensitive information. Nowadays, malware is a serious threat of the Internet. Extensive analysis of data on the Web can significantly improve the results of malware detection. However malware analysis has to be supported by methods capable of events correlation and cross-layer correlation detection, heterogeneous data classification, etc. Recently, a class of learning methods building on kernels have emerged as a powerful techniques for combining diverse types of data. The Support Vector Machine (SVM) is a widely used kernel-based method for binary classification. SVM is theoretically well founded and has been already applied to many practical problems. In this paper, we evaluate the results of the application of SVM to threat data analysis to increase the efficiency of malware detection. Our results suggest that SVM is a robust and efficient method that can be successfully used to heterogeneous web datasets classification.