A hybrid approach for malware family classification


Abstract

One of the foremost cyber security threats in today's world is malware applications. Traditional signature-based and static-analysis-based malware defenses are prone to obfuscation and polymorphism, so they fail to detect and classify malware variants and zero-day attacks, given the exponential growth and ever-increasing complexity of malware. Behavior-based malware detection provides better insight into malware execution behavior and hence can be used for family classification. This paper proposes a novel framework that can correctly classify known and in-the-wild malware samples into their families and can identify novel malware samples for analysis. The malware analysis environment is set up using an enhanced and scalable version of the Cuckoo sandbox to generate behavior reports. These reports are used to extract a novel combination of features, which are used to train a machine learning classifier (a random forest) to achieve high predictive performance. The developed system can help in filtering novel (i.e., zero-day) malware and can also help in dealing with the limitations of static analysis when classifying malware into their families.

Citation (APA)

Aman, N., Saleem, Y., Abbasi, F. H., & Shahzad, F. (2017). A hybrid approach for malware family classification. In Communications in Computer and Information Science (Vol. 719, pp. 169–180). Springer Verlag. https://doi.org/10.1007/978-981-10-5421-1_14
