Identification of Windows-based malware by dynamic analysis using machine learning algorithm

Abstract

One of the main concerns of the research community today is the continuously increasing number of new malware categories, which pose a harmful threat to the Internet. Various techniques have been used, but they are incapable of identifying unknown malware. To overcome this limitation, the proposed work uses dynamic malware analysis techniques in conjunction with machine learning for Windows-based malware identification and classification. It involves running the executables in the Cuckoo Sandbox tool, which provides a limited environment with only a minimum of resources exposed for execution, and analyzing the behavior reports after execution. The generated JSON report is used to select the features and their count frequencies. Feature selection takes the most important features; the proposed framework's experimental results show that five features were enough to distinguish malware from benign samples with the most effective accuracy. Further, in this paper, the top ten frequencies are considered for classification. Two classifiers have been used: the random forest classifier, with an accuracy of 85%, and the decision tree classifier, with an accuracy of 83%.

Irshad, A., & Dutta, M. K. (2021). Identification of windows-based malware by dynamic analysis using machine learning algorithm. In Advances in Intelligent Systems and Computing (Vol. 1086, pp. 207–218). Springer. https://doi.org/10.1007/978-981-15-1275-9_18
