Predicting the Dynamic Behaviour of Malware using RNN

Abstract

Malware analysis can be classified as static and dynamic analysis. Static analysis involves the inspection of the malicious code by observing the features such as file signatures, strings etc. The code obfuscation techniques such as string encryption, class encryption etc can be easily applied on static code analysis. Dynamic or behavioural data is more difficult to obfuscate as the malicious payload may have already been executed before it is detected. In this paper, the dataset is obtained from repositories such as VirusShare and is run in Cuckoo Sandbox with the help of the agent.py. The dynamic features are extracted from the generated Cuckoo logs in the html and JSON format and it has to be determined whether it is malicious or not using recurrent neural networks. Recurrent Neural Networks are capable of predicting whether an executable is malicious and have the ability to capture time-series data.