KEMBAR78
Malware Dectection Using Machine learning | ODP
Shubham Dubey, profile picture
Uploaded byShubham Dubey
ODP, PDF1,228 views

Malware Dectection Using Machine learning

The document discusses malware detection using machine learning, highlighting the limitations of traditional signature-based methods in identifying polymorphic malware. It presents a solution that utilizes API sequence features and outlines the use of Cuckoo Sandbox for analysis, followed by feature extraction and machine learning algorithms like Random Forest and Support Vector Machines. Ultimately, the experiments demonstrate that integrated machine learning classifiers outperform traditional methods, with Random Forest achieving the highest accuracy at 95.69% for multi-class classification.

Software
Related topics:
Malware Analysis Guide
Downloaded 24 times
Malware Detection using Machine Learning By: Shubham Dubey(14ucs114)
Malware overview ●Malicious software that tries to damage or perform unauthorized access to your system. ●Can be of different type: Virus | Trojan | Adware | Worm etc ●More then 1 Lacs new samples found by AV companies every day. ●Most of them are Variant of each other or some old samples.
Current status of Detection ●Currently Antivirus company use signature based detection. ●Signature can be anything from strings to assembly code snippets.
Problem with current method ●Polymorphic malware can change their code on every execution. ●Most malware can encrypt or Pack themselves using packers. ●Detecting those malware using signature doesn’t work all the time.
Solution using ML ●API sequence features can be used to detect if a file is malicious or not. ●API calls are robust way of analysis as they cannot be alter easily. ●They outline everything happening to the operating system, including the operations on the files,registry, mutexes, processes and other features mentioned earlier. ●For example, OpenFile, CreateFile define the file operations, OpenMutex, CreateMutex and describe mutexes opened/created.
Our System Description ●Cuckoo sandbox is used to analyze and record all Api calls. ●File report get saved into json format file. ●Calls get parsed to save inside csv file in matrix vector format. ●Samples with less then 10 calls(or any other user set value) get ignored.
Feature extraction ● The frequency representation approach has been taken. ●S1,S2..are sample number. API1,API2 are Calls made to an API.
Redundant subsequence removal methods ●There are large number of useless api call sequence present. ●They can be removed using N-gram sample subsequence extraction. ●Match if some api calling pattern is present in many sample then remove it.(Works like sliding window)
Redundant subsequence removal methods ●Other method can be using information gain ●C entropy of the malware detection system ● H(C) is the information entropy ●The information gain of the subsequence T to class C is: ●p(ti) is the probability that the feature appear and p(tj) is opposite.
Using machine learning methods ●After the features were extracted and selected, we can apply the machine learning methods to the data that we obtained. ●The packages used for the implementation of algorithms are: Random Forest – randomForest K-Nearest Neighbours – class Support Vector Machines – kernlab J48 Decision Tree – RWeka
Using machine learning methods ●After the features were extracted and selected, we can apply the machine learning methods to the data that we obtained. ●The packages used for the implementation of algorithms are: Random Forest – randomForest K-Nearest Neighbours – class Support Vector Machines – kernlab J48 Decision Tree – RWeka
Comparison method ●The Cuckoo analysis score is an indication of how malicious an analyzed file is. ●In total, there are three levels of severity and all levels have their score of severity: 1 for low, 2 for medium and 3 for high. ●It is hard to measure the accuracy of the detection since there is no threshold value indicating whether the sample is malicious or not. ●This can be compare with the result received by ML algorithms.
Results ●The accuracy of detection is measured as the percentage of correctly identified instances:
Support Vector Machines Results ●The overall accuracy achieved was 87.6% for multi- class classification and 94.6% for binary classification.
Random Forest Results ●The algorithm resulted in a good accuracy of predictions, 95.69% for multi-class classification and 96.8% for binary classification.
KNN Results ●As it can be seen, the best accuracy was achieved with k=1. The algorithm resulted in a good accuracy of 87% for multi-class classification and 94.6% for two-class classification.
Conclusion Experiments show that the integrated Machine learning classifier has a better performance than the separate signature based Detection.
Conclusion In classification problems, different models gave different results. The lowest accuracy was achieved by Naive Bayes (72.34% and 55%), followed by k-Nearest-Neighbors and Support Vector Machines (87%, 94.6% and 87.6%, 94.6% respectively). The highest accuracy was achieved with the J48 and Random Forest models, and it was equal to 93.3% and 95.69% for multi-class classification and 94.6% and 96.8% for binary classification respectively.
Thank You

More Related Content

PPTX
Malware Detection By Machine Learning Presentation.pptx
byalishapatidar2021
 
PPTX
Malware classification using Machine Learning
byJapneet Singh
 
PPTX
Malware Detection Using Machine Learning Techniques
byArshadRaja786
 
PPT
Malware Detection using Machine Learning
byCysinfo Cyber Security Community
 
PDF
Fast detection of Android malware: machine learning approach
byYury Leonychev
 
PDF
Machine Learning in Malware Detection
byKaspersky
 
PPTX
Malware Classification and Analysis
byPrashant Chopra
 
PDF
Malware detection-using-machine-learning
bySecurity Bootcamp
 
Malware Detection By Machine Learning Presentation.pptx
byalishapatidar2021
 
Malware classification using Machine Learning
byJapneet Singh
 
Malware Detection Using Machine Learning Techniques
byArshadRaja786
 
Malware Detection using Machine Learning
byCysinfo Cyber Security Community
 
Fast detection of Android malware: machine learning approach
byYury Leonychev
 
Machine Learning in Malware Detection
byKaspersky
 
Malware Classification and Analysis
byPrashant Chopra
 
Malware detection-using-machine-learning
bySecurity Bootcamp
 

What's hot

PDF
Malware Detection - A Machine Learning Perspective
byChong-Kuan Chen
 
PPTX
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
byJowin John Chemban
 
PPTX
Network attacks
byManjushree Mashal
 
PPT
Software security
byRoman Oliynykov
 
PPT
Intrusion detection system ppt
bySheetal Verma
 
PPTX
Basics of Denial of Service Attacks
byHansa Nidushan
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
PPTX
Activation function
byAstha Jain
 
PDF
HOW AI CAN HELP IN CYBERSECURITY
byPriyanshu Ratnakar
 
PDF
Using Machine Learning in Networks Intrusion Detection Systems
byOmar Shaya
 
PPTX
Metasploit
byhenelpj
 
PPTX
Credit card fraud detection methods using Data-mining.pptx (2)
byk.surya kumar
 
PPTX
Data Encryption Standard (DES)
byHaris Ahmed
 
PPTX
Feedforward neural network
bySopheaktra YONG
 
PPTX
Convolution Neural Network (CNN)
bySuraj Aavula
 
PDF
Lecture 1: What is Machine Learning?
byMarina Santini
 
PPT
Malware Analysis Made Simple
byPaul Melson
 
PPTX
Artificial Intelligence and Cybersecurity
byOlivier Busolini
 
PPTX
Image classification using CNN
byNoura Hussein
 
PDF
Computer Security and Intrusion Detection(IDS/IPS)
byLJ PROJECTS
 
Malware Detection - A Machine Learning Perspective
byChong-Kuan Chen
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
byJowin John Chemban
 
Network attacks
byManjushree Mashal
 
Software security
byRoman Oliynykov
 
Intrusion detection system ppt
bySheetal Verma
 
Basics of Denial of Service Attacks
byHansa Nidushan
 
Advanced persistent threat (apt)
bymmubashirkhan
 
Activation function
byAstha Jain
 
HOW AI CAN HELP IN CYBERSECURITY
byPriyanshu Ratnakar
 
Using Machine Learning in Networks Intrusion Detection Systems
byOmar Shaya
 
Metasploit
byhenelpj
 
Credit card fraud detection methods using Data-mining.pptx (2)
byk.surya kumar
 
Data Encryption Standard (DES)
byHaris Ahmed
 
Feedforward neural network
bySopheaktra YONG
 
Convolution Neural Network (CNN)
bySuraj Aavula
 
Lecture 1: What is Machine Learning?
byMarina Santini
 
Malware Analysis Made Simple
byPaul Melson
 
Artificial Intelligence and Cybersecurity
byOlivier Busolini
 
Image classification using CNN
byNoura Hussein
 
Computer Security and Intrusion Detection(IDS/IPS)
byLJ PROJECTS
 

Similar to Malware Dectection Using Machine learning

PDF
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
byIJNSA Journal
 
PPTX
malware detection ppt for vtu project and other final year project
byNaveenAd4
 
PDF
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
byIJCSIS Research Publications
 
PDF
978-3-031-88653-9_74aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.pdf
byTrnHung5
 
PPTX
Presentation.pptx..................................
byShivakrishnan18
 
PPTX
Presentation (1).pptx
byRanjithCherry1
 
PPTX
Presentation2 for the enthusiast who wants to download
byrsaumita01
 
DOCX
A malware detection method for health sensor data based on machine learning
byjaigera
 
PPTX
savi technical ppt.pptx
by4GH20CS407POONAM
 
PDF
IRJET - Survey on Malware Detection using Deep Learning Methods
byIRJET Journal
 
PDF
Zero day malware detection
bysujeeshkumarj
 
PDF
Fisher exact Boschloo and polynomial vector learning for malware detection
byIJECEIAES
 
PDF
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
byijaia
 
PPTX
Malware Detection Approaches using Data Mining Techniques.pptx
byAlamgir Hossain
 
PDF
Design and Development of an Efficient Malware Detection Using ML
bySiva krishnam raju Patsamatla
 
PPTX
A Case Study on Ensuring Network security with the use of a comparative forec...
bySoumyaMohapatra34
 
PDF
Tuning the K value in K-nearest neighbors for malware detection
byIAESIJAI
 
PDF
A novel ensemble-based approach for Windows malware detection
byIAESIJAI
 
PDF
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
byIRJET Journal
 
PPT
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMS
byAAKANKSHA JAIN
 
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
byIJNSA Journal
 
malware detection ppt for vtu project and other final year project
byNaveenAd4
 
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
byIJCSIS Research Publications
 
978-3-031-88653-9_74aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.pdf
byTrnHung5
 
Presentation.pptx..................................
byShivakrishnan18
 
Presentation (1).pptx
byRanjithCherry1
 
Presentation2 for the enthusiast who wants to download
byrsaumita01
 
A malware detection method for health sensor data based on machine learning
byjaigera
 
savi technical ppt.pptx
by4GH20CS407POONAM
 
IRJET - Survey on Malware Detection using Deep Learning Methods
byIRJET Journal
 
Zero day malware detection
bysujeeshkumarj
 
Fisher exact Boschloo and polynomial vector learning for malware detection
byIJECEIAES
 
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
byijaia
 
Malware Detection Approaches using Data Mining Techniques.pptx
byAlamgir Hossain
 
Design and Development of an Efficient Malware Detection Using ML
bySiva krishnam raju Patsamatla
 
A Case Study on Ensuring Network security with the use of a comparative forec...
bySoumyaMohapatra34
 
Tuning the K value in K-nearest neighbors for malware detection
byIAESIJAI
 
A novel ensemble-based approach for Windows malware detection
byIAESIJAI
 
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
byIRJET Journal
 
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMS
byAAKANKSHA JAIN
 

Recently uploaded

PDF
Driving Stress Detection Using Multimodal CNN with Nonlinear Representation o...
byPranjal Kumar
 
DOCX
What Is the Best BI Software Other Than Tableau.docx
byVarsha Nayak
 
PDF
Security Architecture Views the FDA Expects — And How to Get Them Right
byICS
 
PDF
VADY Smart Data Flow – Automated Data Insights for Scalable Enterprise Decisions
byNewFangledVision
 
PDF
Autowiring all the things! - DrupalCon Vienna 2025 - Luca Lusso, SparkFabrik
bysparkfabrik
 
PPT
Lexical and Syntax Analysis top down parsers
bymjmansoori54
 
PPTX
Validation testing in software engineering
bytanzeelamohsin01
 
PPTX
Declarative Process Mining with MINERful, Reloaded
byCecilia Iacometta
 
PDF
Zoho Vani AI-Powered Collaboration Platform to Rival Google Workspace & Micro...
byEvoluz Global Solutions
 
PDF
Best Tableau Alternatives for Data Analytics and Reporting.pdf
byVarsha Nayak
 
PDF
Dreamforce 2025: Welcome to the Agentic Enterprise
byDele Amefo
 
PDF
Shift Left for Inclusion: Scalable Accessibility Testing with Cypress - Cypre...
byLudovico Besana
 
PDF
898975372-Leaving-Legacy-Software-Behind-a-Modern-Migration-Roadmap.pdf
byKsoft Technologies
 
PDF
VADY GenAI – Enterprise AI Solutions with Complete Data Control and Smart Dec...
byNewFangledVision
 
PPTX
Financial Literacy for Software Developers
byBalanathanVirupasan
 
PDF
The Rise of AI Agents: Powering the Next Industrial Era
byMaxim Salnikov
 
PDF
How can AI be used in Content Management Systems, Plone Conference 2025
byRob Gietema
 
PPTX
Java Modern Puzzlers, a guide to new programming features
bySimon Ritter
 
PDF
Practical Performance Tuning for Serverless Java on AWS- InfoQ Dev Summit
byVadym Kazulkin
 
PDF
Safe Confined Space Entry Monitoring_ Singapore Experts.pdf
byprasadexiga0
 
Driving Stress Detection Using Multimodal CNN with Nonlinear Representation o...
byPranjal Kumar
 
What Is the Best BI Software Other Than Tableau.docx
byVarsha Nayak
 
Security Architecture Views the FDA Expects — And How to Get Them Right
byICS
 
VADY Smart Data Flow – Automated Data Insights for Scalable Enterprise Decisions
byNewFangledVision
 
Autowiring all the things! - DrupalCon Vienna 2025 - Luca Lusso, SparkFabrik
bysparkfabrik
 
Lexical and Syntax Analysis top down parsers
bymjmansoori54
 
Validation testing in software engineering
bytanzeelamohsin01
 
Declarative Process Mining with MINERful, Reloaded
byCecilia Iacometta
 
Zoho Vani AI-Powered Collaboration Platform to Rival Google Workspace & Micro...
byEvoluz Global Solutions
 
Best Tableau Alternatives for Data Analytics and Reporting.pdf
byVarsha Nayak
 
Dreamforce 2025: Welcome to the Agentic Enterprise
byDele Amefo
 
Shift Left for Inclusion: Scalable Accessibility Testing with Cypress - Cypre...
byLudovico Besana
 
898975372-Leaving-Legacy-Software-Behind-a-Modern-Migration-Roadmap.pdf
byKsoft Technologies
 
VADY GenAI – Enterprise AI Solutions with Complete Data Control and Smart Dec...
byNewFangledVision
 
Financial Literacy for Software Developers
byBalanathanVirupasan
 
The Rise of AI Agents: Powering the Next Industrial Era
byMaxim Salnikov
 
How can AI be used in Content Management Systems, Plone Conference 2025
byRob Gietema
 
Java Modern Puzzlers, a guide to new programming features
bySimon Ritter
 
Practical Performance Tuning for Serverless Java on AWS- InfoQ Dev Summit
byVadym Kazulkin
 
Safe Confined Space Entry Monitoring_ Singapore Experts.pdf
byprasadexiga0
 

Malware Dectection Using Machine learning

  • 1.
    Malware Detection usingMachine Learning By: Shubham Dubey(14ucs114)
  • 2.
    Malware overview ●Malicious softwarethat tries to damage or perform unauthorized access to your system. ●Can be of different type: Virus | Trojan | Adware | Worm etc ●More then 1 Lacs new samples found by AV companies every day. ●Most of them are Variant of each other or some old samples.
  • 3.
    Current status ofDetection ●Currently Antivirus company use signature based detection. ●Signature can be anything from strings to assembly code snippets.
  • 4.
    Problem with currentmethod ●Polymorphic malware can change their code on every execution. ●Most malware can encrypt or Pack themselves using packers. ●Detecting those malware using signature doesn’t work all the time.
  • 5.
    Solution using ML ●APIsequence features can be used to detect if a file is malicious or not. ●API calls are robust way of analysis as they cannot be alter easily. ●They outline everything happening to the operating system, including the operations on the files,registry, mutexes, processes and other features mentioned earlier. ●For example, OpenFile, CreateFile define the file operations, OpenMutex, CreateMutex and describe mutexes opened/created.
  • 6.
    Our System Description ●Cuckoosandbox is used to analyze and record all Api calls. ●File report get saved into json format file. ●Calls get parsed to save inside csv file in matrix vector format. ●Samples with less then 10 calls(or any other user set value) get ignored.
  • 7.
    Feature extraction ● Thefrequency representation approach has been taken. ●S1,S2..are sample number. API1,API2 are Calls made to an API.
  • 8.
    Redundant subsequence removal methods ●Thereare large number of useless api call sequence present. ●They can be removed using N-gram sample subsequence extraction. ●Match if some api calling pattern is present in many sample then remove it.(Works like sliding window)
  • 9.
    Redundant subsequence removal methods ●Othermethod can be using information gain ●C entropy of the malware detection system ● H(C) is the information entropy ●The information gain of the subsequence T to class C is: ●p(ti) is the probability that the feature appear and p(tj) is opposite.
  • 10.
    Using machine learningmethods ●After the features were extracted and selected, we can apply the machine learning methods to the data that we obtained. ●The packages used for the implementation of algorithms are: Random Forest – randomForest K-Nearest Neighbours – class Support Vector Machines – kernlab J48 Decision Tree – RWeka
  • 11.
    Using machine learningmethods ●After the features were extracted and selected, we can apply the machine learning methods to the data that we obtained. ●The packages used for the implementation of algorithms are: Random Forest – randomForest K-Nearest Neighbours – class Support Vector Machines – kernlab J48 Decision Tree – RWeka
  • 12.
    Comparison method ●The Cuckooanalysis score is an indication of how malicious an analyzed file is. ●In total, there are three levels of severity and all levels have their score of severity: 1 for low, 2 for medium and 3 for high. ●It is hard to measure the accuracy of the detection since there is no threshold value indicating whether the sample is malicious or not. ●This can be compare with the result received by ML algorithms.
  • 13.
    Results ●The accuracy ofdetection is measured as the percentage of correctly identified instances:
  • 14.
    Support Vector MachinesResults ●The overall accuracy achieved was 87.6% for multi- class classification and 94.6% for binary classification.
  • 15.
    Random Forest Results ●Thealgorithm resulted in a good accuracy of predictions, 95.69% for multi-class classification and 96.8% for binary classification.
  • 16.
    KNN Results ●As itcan be seen, the best accuracy was achieved with k=1. The algorithm resulted in a good accuracy of 87% for multi-class classification and 94.6% for two-class classification.
  • 17.
    Conclusion Experiments show thatthe integrated Machine learning classifier has a better performance than the separate signature based Detection.
  • 18.
    Conclusion In classification problems,different models gave different results. The lowest accuracy was achieved by Naive Bayes (72.34% and 55%), followed by k-Nearest-Neighbors and Support Vector Machines (87%, 94.6% and 87.6%, 94.6% respectively). The highest accuracy was achieved with the J48 and Random Forest models, and it was equal to 93.3% and 95.69% for multi-class classification and 94.6% and 96.8% for binary classification respectively.
  • 19.