Behaviour-based malware detector
Main Author: | Kwong, Jordan Zheng Xi |
---|---|
Other Authors: | Lam Kwok Yan |
Format: | Final Year Project |
Language: | English |
Published: | 2018 |
Subjects: | DRNTU::Engineering |
Online Access: | http://hdl.handle.net/10356/74011 |
Institution: | Nanyang Technological University |
Record details: Kwong, Jordan Zheng Xi (author); Lam Kwok Yan (other author); School of Computer Science and Engineering, Nanyang Technological University; Certis CISCO Security Pte Ltd; subject DRNTU::Engineering; Bachelor of Engineering (Computer Science); Final Year Project (FYP), 2018, record date 2018-04-23; 54 p., application/pdf; http://hdl.handle.net/10356/74011.
Abstract: The number of new malware samples created every day is at an all-time high, and one of the main reasons is that malware authors use polymorphic methods. As a result, antivirus software is unable to detect such malware in a timely manner, so relying on antivirus software alone is insufficient to detect new malware. Over the last few years, machine learning techniques have been shown to achieve high accuracy in classification tasks, and anti-malware solutions have also started using machine learning techniques to classify malware.

This report presents a proof-of-concept software that uses a convolutional neural network (CNN) to perform malware classification. Firstly, malicious and non-malicious files were collected, and each file was analysed using the static analysis tool pestudio. Subsequently, the important features were extracted and used to train the CNN to perform malware classification. The neural network achieves 74% classification accuracy, with 80% of the malicious files detected.

Moreover, support for detecting malware in PDF, Microsoft Office and Adobe Flash files is needed because of the increasing number of malware samples that target these file formats. The open source tools PeePDF, Olevba and SWFDump were used to help detect malware in PDF, Microsoft Office and Adobe Flash files respectively.

Last but not least, testing for sandbox evasion techniques is necessary because of the increasing number of malware samples that can detect the presence of a sandbox. To prevent malware from detecting the sandbox environment, the sandbox has to be tested first with a benign test sample from the open source tool Al-Khaser before the malware is analysed in that sandbox. This ensures that the malware cannot make use of any of the commonly employed evasion techniques that were tested against the sandbox.