6. Malware
- Malware is a very big threat in today's computing world.
- It continues to grow in volume and evolve in complexity.
- Many malware generators exist, so new variants are cheap to produce.
- The number of websites distributing malware is increasing at an alarming rate and is getting out of control.
7. Malware detection
- Signature-based: matches known code patterns, hashes, behaviours, rules, ...
Advantages:
• High accuracy on known samples.
Disadvantages:
• Unable to detect new malware.
• Easy to bypass (a small change to the sample breaks the match).
• Requires frequent database updates.
• Relies on human expertise to create the signatures.
10.
1. Malware Detection using Machine Learning and Deep Learning. Hemant Rathore, Swati Agarwal, Sanjay K. Sahay, Mohit Sewak. BITS Pilani, Dept. of CS & IS, Goa Campus, Goa, India. 4 Apr 2019.
2. Malware Detection using Windows API Sequence and Machine Learning. Chandrasekar Ravi, R. Manoharan. Department of Computer Science and Engineering, Pondicherry Engineering College, Pillaichavady, Puducherry 605014, India. April 2012.
3. DeepSign: Deep Learning for Automatic Malware Signature Generation and Classification. Eli (Omid) David. Dept. of Computer Science, Bar-Ilan University. 23 Nov 2017.
4. DeepAM: a heterogeneous deep learning framework for intelligent malware detection. Yanfang Ye, Lingwei Chen, Shifu Hou, William Hardy, Xin Li. 12 May 2016.
5. Behavior-based features model for malware detection. Hisham Shehata Galal, Yousef Bassyouni Mahdy, Mohammed Ali Atiea. 12 December 2014.
6. A Fast Malware Detection Algorithm Based on Objective-Oriented Association Mining. Yuxin Ding, Xuebing Yuan, Ke Tang, Xiao Xiao, Yibin Zhang. 19 January 2013.
11. Machine learning principle
(diagram) Training phase: labelled samples (benign/malware) → extract features → training → predictive model
(diagram) Detection phase: unknown sample → extract features → predictive model → model decision
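The two phases of the diagram as runnable code, added here as an example (it is not code from the original slides or from any of the cited papers). It takes a Windows API call sequence as the raw sample, the feature type used by reference 2 above, and trains a multinomial naive Bayes classifier written in pure Python so that it runs without scikit-learn. The training traces, the API names and the unknown sample are constructed toy data, not real malware.

```python
# Added example (not from the original slides): the two-phase pipeline
# on slide 11, using a Windows API call sequence as the raw sample and a
# multinomial naive Bayes classifier written in pure Python so it runs
# without scikit-learn. All traces below are constructed toy data.
import math
from collections import Counter

# Constructed training set: (ordered API calls observed in a sandbox, label).
TRAINING_SET = [
    (["CreateFileW", "ReadFile", "CloseHandle"], "benign"),
    (["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"], "benign"),
    (["GetModuleHandleW", "GetProcAddress", "LoadLibraryW", "CreateWindowExW"], "benign"),
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"], "malware"),
    (["CryptAcquireContextW", "CryptEncrypt", "FindFirstFileW", "FindNextFileW", "DeleteFileW"], "malware"),
    (["RegOpenKeyExW", "RegSetValueExW", "CreateProcessW", "VirtualAllocEx", "WriteProcessMemory"], "malware"),
]


def extract_features(api_calls, n=2):
    """Step shared by both phases: bag of API unigrams plus call-order n-grams.
    The n-grams keep some ordering information (allocate -> write -> thread)
    that a plain bag of calls would lose."""
    feats = Counter(api_calls)
    for i in range(len(api_calls) - n + 1):
        feats["->".join(api_calls[i:i + n])] += 1
    return feats


def train(samples, n=2):
    """Training phase: labelled samples -> extract features -> predictive model.
    The model is just per-class feature counts (multinomial naive Bayes)."""
    class_counts = Counter()
    feature_counts = {}
    vocab = set()
    for calls, label in samples:
        class_counts[label] += 1
        feats = extract_features(calls, n)
        feature_counts.setdefault(label, Counter()).update(feats)
        vocab.update(feats)
    return {"class_counts": class_counts, "feature_counts": feature_counts,
            "vocab": vocab, "n": n}


def predict(model, api_calls):
    """Detection phase: unknown sample -> extract features -> model decision.
    Returns (label, per-class log-probability scores). Laplace (+1) smoothing
    keeps an API never seen in training from zeroing out a class."""
    feats = extract_features(api_calls, model["n"])
    total = sum(model["class_counts"].values())
    vocab_size = len(model["vocab"])
    scores = {}
    for label, count in model["class_counts"].items():
        fc = model["feature_counts"][label]
        denom = sum(fc.values()) + vocab_size
        score = math.log(count / total)                  # class prior
        for f, c in feats.items():
            score += c * math.log((fc[f] + 1) / denom)   # smoothed feature likelihood
        scores[label] = score
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    model = train(TRAINING_SET)
    # Unknown sample with an injection pattern; this exact trace is not in the training set.
    unknown = ["OpenProcess", "WriteProcessMemory", "CreateRemoteThread"]
    label, scores = predict(model, unknown)
    print(label, {k: round(v, 2) for k, v in scores.items()})
```

The unknown trace is classified as malware even though it never appears verbatim in the training data, which is the point the slide makes against pure signature matching: the model generalises from features (here, individual calls and call pairs) rather than from whole-sample hashes.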
14. Malware detection
Static analysis, advantages:
• Allows malicious files to be detected prior to execution.
• Easy to run.
• Fast identification.
Dynamic analysis, advantages:
• Detects previously unseen types of malware attacks.
• Detects polymorphic malware.
15. Malware detection
Static analysis, disadvantages:
• Fails to detect polymorphic malware.
• Typically needs one model per malware sub-type.
• Defeated by encryption/packing, fileless malware, ...
Dynamic analysis, disadvantages:
• Hard to extract features.
• Storage complexity for behavioural patterns.
• Time complexity (every sample must be executed).
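The encryption/packing failure mode of static analysis from the slide above, as an added example (not code from the original slides): a static rule that looks for suspicious import names finds them in a plain sample, but after the same bytes go through a toy packer the names are gone and the only static signal left is the high entropy of the blob, which says "looks packed" and nothing about what the payload does. The samples are constructed byte strings, not real executables, and the XOR keystream packer is a stand-in for real packers.

```python
# Added example (not from the original slides): a static-analysis check
# and the failure mode slide 15 lists for it. Static scanning finds
# suspicious import names in a plain sample; once the same bytes are
# encrypted/packed those names are gone and only the high entropy of the
# blob remains as a signal. Samples are constructed byte strings, not
# real executables.
import math
import random

# API names a static rule might flag (a common process-injection trio).
SUSPICIOUS_APIS = [b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread"]


def shannon_entropy(data):
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform).
    Packed or encrypted sections typically score above about 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def static_api_hits(data):
    """Static feature: which suspicious API names appear as plain strings."""
    return [api.decode() for api in SUSPICIOUS_APIS if api in data]


def xor_stream(data, seed):
    """Toy 'packer': XOR with a seeded keystream. Applying it twice with the
    same seed unpacks, standing in for what an unpacking/dynamic step recovers."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in data)


def static_verdict(data, entropy_threshold=7.0):
    """Static decision: flag on API strings; otherwise fall back to entropy,
    which can only say 'looks packed', not what the payload does."""
    hits = static_api_hits(data)
    entropy = shannon_entropy(data)
    if hits:
        return "malware", hits, entropy
    if entropy >= entropy_threshold:
        return "suspicious-packed", hits, entropy
    return "benign", hits, entropy


# Constructed plain sample: a header stub, an import table, and zero padding.
PLAIN = (b"MZ" + b"\x00" * 64 + b"kernel32.dll\x00"
         + b"\x00".join(SUSPICIOUS_APIS) + b"\x00" * 2000)
# The same sample after the toy packer (the seed is an arbitrary constant).
PACKED = xor_stream(PLAIN, seed=42)


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN), ("packed", PACKED)):
        verdict, hits, ent = static_verdict(sample)
        print(f"{name:7s} entropy={ent:.2f} hits={hits} verdict={verdict}")
    # Unpacking restores the strings the static rule needs.
    print("unpacked hits:", static_api_hits(xor_stream(PACKED, seed=42)))
```

The entropy fallback is what the "mistaken for encryption" bullet refers to: legitimate installers, compressed resources and encrypted data sections also score near 8 bits per byte, so a static model trained on this feature alone trades missed packed malware for false positives on benign packed software. Recovering the real features requires unpacking, which in practice means executing or emulating the sample, i.e. dynamic analysis.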
16. Algorithms:
• Supervised learning:
• Decision tree.
• Random forest.
• Logistic regression.
• SVM.
• k-NN.
• Deep learning.
• ...
• Unsupervised learning:
• Clustering (e.g. k-means).
• Many algorithms reach reported accuracy above 90%.
• Random forest has the best results in the surveyed work.
30. 5. Conclusion
1. Malware continues to grow in volume and evolve in complexity.
2. Traditional approaches are less effective at detecting new malware.
3. There is a lot of research using ML & DL to detect malware.
4. Industry is trying to apply it in real-world products.