Title :
Malware Automatic Analysis
Author :
Borges de Andrade, Cesar Augusto ; Gomes de Mello, Claudio ; Duarte, Julio Cesar
Author_Institution :
Comput. Eng. Dept., Mil. Eng. Inst. (IME), Rio de Janeiro, Brazil
Abstract :
Malicious-code analysis identifies the behavioural characteristics of malware: how it acts within the operating system, which obfuscation techniques it uses, which execution flows lead to its primary intended behaviour, its use of network operations, file downloads, capture of user and system information, access to the registry, and other activities. The aim is to learn how the malware works, to find ways of identifying new malicious software with similar behaviour, and to devise defences. Manual analysis for signature generation has become impractical, since it takes far longer than the rate at which new malware is created and disseminated. This paper therefore proposes the use of sandbox techniques together with machine-learning techniques to automate malware identification in this context. Besides presenting a different and faster approach to malware detection, the paper reports an accuracy rate of over 90% on the task of malware identification.
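The abstract describes a pipeline (run a sample in a sandbox, turn the observed behaviour into features, train a classifier on labelled samples) without fixing a report format, feature set or learning algorithm. The following is an added, self-contained illustration of that pipeline, not code from the paper: the report layout is a hypothetical one loosely modelled on what a dynamic-analysis sandbox emits, the features (API-call presence, outbound connection, file download, write to a Run autostart key) and the Bernoulli naive-Bayes classifier are this example's own choices, and every sample report is constructed. The accuracy it reports on its tiny constructed set says nothing about the paper's 90% figure.

```python
"""Sandbox-report featurisation plus a Bernoulli naive-Bayes malware classifier.

Added example for the sandbox + machine-learning approach in the abstract.
Report layout, features and classifier are this example's assumptions, not the
paper's method; all reports below are constructed, not real sandbox output.
"""
import math
from collections import Counter


def report(label, apis, net=False, download=False, run_key=False):
    """Build one constructed behaviour report in the assumed (hypothetical) layout."""
    rep = {"label": label, "api_calls": list(apis), "network": [], "downloads": [], "registry": []}
    if net:       # outbound connection; 203.0.113.0/24 is a documentation range
        rep["network"].append({"dst": "203.0.113.10", "port": 443})
    if download:  # a URL the sample fetched a file from
        rep["downloads"].append("http://203.0.113.10/payload.bin")
    if run_key:   # persistence via the per-user Run autostart key
        rep["registry"].append({"op": "write",
                                "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"})
    return rep


# Constructed training set: six malware-like and six benign-like behaviour profiles.
INJECT = ["CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"]
TRAIN = [
    report("malware", INJECT + ["InternetOpenUrlA"], net=True, download=True, run_key=True),
    report("malware", INJECT, net=True),
    report("malware", ["InternetOpenUrlA", "CreateFileW"], net=True, download=True, run_key=True),
    report("malware", INJECT + ["CreateFileW", "WriteFile"], run_key=True),
    report("malware", ["InternetOpenUrlA", "CreateRemoteThread"], net=True, download=True),
    report("malware", ["InternetOpenUrlA", "VirtualAllocEx", "WriteProcessMemory"], net=True, run_key=True),
    report("benign", ["CreateFileW", "ReadFile", "WriteFile", "RegQueryValueExW"]),
    report("benign", ["CreateFileW", "ReadFile", "RegQueryValueExW", "GetSystemTimeAsFileTime"]),
    report("benign", ["CreateFileW", "WriteFile", "GetSystemTimeAsFileTime"], net=True),  # updater
    report("benign", ["CreateFileW", "ReadFile", "WriteFile"]),
    report("benign", ["RegQueryValueExW", "GetSystemTimeAsFileTime", "CreateFileW", "ReadFile"]),
    report("benign", ["CreateFileW", "ReadFile", "WriteFile", "RegQueryValueExW", "GetSystemTimeAsFileTime"]),
]
# Constructed held-out set, never seen during training.
HELD_OUT = [
    report("malware", INJECT, net=True, run_key=True),
    report("malware", ["InternetOpenUrlA", "CreateFileW"], net=True, download=True, run_key=True),
    report("benign", ["CreateFileW", "ReadFile", "WriteFile", "RegQueryValueExW", "GetSystemTimeAsFileTime"]),
    report("benign", ["CreateFileW", "WriteFile", "RegQueryValueExW"], net=True),  # benign but talks to the network
]


def featurize(rep):
    """Map a report to the set of binary behaviour tokens used as features."""
    toks = {"api:" + name for name in rep["api_calls"]}
    if rep["network"]:
        toks.add("net:connect")
    if rep["downloads"]:
        toks.add("file:download")
    if any(r["op"] == "write" and "\\Run" in r["key"] for r in rep["registry"]):
        toks.add("reg:run_key_write")
    return toks


class BernoulliNB:
    """Naive Bayes over binary token presence with Laplace (add-one) smoothing."""

    def __init__(self):
        self.vocab, self.n, self.df = set(), Counter(), {}

    def fit(self, reports):
        for rep in reports:
            toks = featurize(rep)
            self.vocab |= toks
            self.n[rep["label"]] += 1                       # class prior counts
            self.df.setdefault(rep["label"], Counter()).update(toks)  # document frequency
        return self

    def log_posteriors(self, rep):
        """Unnormalised log P(label | report); tokens outside the vocabulary are ignored."""
        toks, total, scores = featurize(rep), sum(self.n.values()), {}
        for label, n_c in self.n.items():
            s = math.log(n_c / total)
            for t in self.vocab:
                p = (self.df[label][t] + 1) / (n_c + 2)   # smoothed P(token present | label)
                s += math.log(p if t in toks else 1 - p)
            scores[label] = s
        return scores

    def predict(self, rep):
        scores = self.log_posteriors(rep)
        return max(scores, key=scores.get)


def accuracy(clf, reports):
    return sum(clf.predict(r) == r["label"] for r in reports) / len(reports)


def top_indicators(clf, k=5, label="malware", other="benign"):
    """Tokens whose presence most raises the odds of `label` over `other` (log-likelihood ratio)."""
    def llr(t):
        p1 = (clf.df[label][t] + 1) / (clf.n[label] + 2)
        p0 = (clf.df[other][t] + 1) / (clf.n[other] + 2)
        return math.log(p1 / p0)
    return sorted(sorted(clf.vocab), key=llr, reverse=True)[:k]


if __name__ == "__main__":
    clf = BernoulliNB().fit(TRAIN)
    print("held-out accuracy:", accuracy(clf, HELD_OUT))
    print("strongest malware indicators:", top_indicators(clf))
```

The last held-out benign sample is the case a practitioner should watch: it opens a network connection, which the model has seen mostly in malware, yet its remaining behaviour keeps it on the benign side. A real deployment would featurise thousands of sandbox reports, hold out a proper evaluation split and inspect the top indicators to confirm the model learned behaviour rather than artefacts of the sandbox environment.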
Keywords :
invasive software; learning (artificial intelligence); machine learning techniques; malicious code analysis; malicious softwares; malware automatic analysis; malware behavior characteristics; malware detection; malware dissemination; malware identification; obfuscation techniques; operating system; sandbox techniques; signature generation; software identification; Computational intelligence; malware; machine learning; sandbox
Conference_Title :
2013 BRICS Congress on Computational Intelligence and 11th Brazilian Congress on Computational Intelligence (BRICS-CCI & CBIC)
Conference_Location :
Ipojuca
DOI :
10.1109/BRICS-CCI-CBIC.2013.119