MalSketch - A machine learning-based malware behaviour analysis framework

Chanderan, Navein (2019) MalSketch - A machine learning-based malware behaviour analysis framework. Masters thesis, Universiti Malaysia Sarawak (UNIMAS).



The number of malware samples has increased exponentially over the years, and there is a need to improve the efficiency of analysing large numbers of samples. Additionally, the diversity of malware types and the methods they employ to defeat analysis techniques have also increased steadily. Static analysis methods alone are not enough to combat modern malware attacks, as they have an inherent limitation: they are easily defeated by obfuscation and polymorphism. Dynamic analysis of malware behaviour, on the other hand, does not suffer from this limitation, because the samples are executed and therefore reveal their true behaviours. To address this problem, a framework for the automatic analysis of malware behaviour is proposed. The framework analyses malware behaviour, then converts the behaviour reports into a metalanguage format suitable for machine learning. To speed up computation, MinHash is used to represent samples, and Locality Sensitive Hashing is applied for nearest-neighbour search in sublinear time. A disjoint-set forest clustering algorithm is then applied to the results to group malware into family clusters. The framework achieves a 97.4% true positive rate and a 99.4% true negative rate on a dataset of 65,000 samples from VirusShare. This shows that the framework works very well even on a random dataset, and that it is capable of clustering daily malware samples and identifying unknown malware.

Keywords: Malware behaviour, malware analysis, clustering, automated analysis
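The MinHash, Locality Sensitive Hashing and disjoint-set forest pipeline the abstract describes, as an added Python example (not code from the thesis): behaviour reports are assumed to be already flattened into token sets, the three sample reports are constructed, and the signature length, band count and similarity threshold are illustrative choices.

```python
import hashlib
from itertools import combinations

# Constructed behaviour reports (not real samples), flattened to one token per observed API call/artefact.
REPORTS = {
    "fam_a_1": {"api:CreateFileW", "api:WriteFile", "api:RegSetValueExW", "reg:HKCU\\Run", "api:CreateProcessW",
                "file:%APPDATA%\\upd.exe", "api:GetProcAddress", "mutex:Global\\a1", "net:dns:example.invalid", "api:WinExec"},
    "fam_a_2": {"api:CreateFileW", "api:WriteFile", "api:RegSetValueExW", "reg:HKCU\\Run", "api:CreateProcessW",
                "file:%APPDATA%\\upd.exe", "api:GetProcAddress", "mutex:Global\\a2", "net:dns:example.invalid", "api:WinExec"},
    "fam_b_1": {"api:GetProcAddress", "api:CryptEncrypt", "api:FindFirstFileW", "api:DeleteFileW", "file:README.txt",
                "api:MoveFileW", "api:Sleep", "net:dns:example.test", "api:CryptGenKey", "api:SetFileAttributesW"},
}

def minhash(tokens, k=64):
    """k-value MinHash signature: for salt i, the minimum 64-bit hash over all tokens."""
    return [min(int(hashlib.blake2b(f"{i}|{t}".encode(), digest_size=8).hexdigest(), 16)
                for t in tokens) for i in range(k)]

def est_jaccard(sig_a, sig_b):  # fraction of agreeing positions estimates Jaccard similarity
    return sum(x == y for x, y in zip(sig_a, sig_b)) / len(sig_a)

def lsh_candidates(sigs, bands=16):
    """Bucket each signature by band; pairs colliding in any band are candidates (no all-pairs scan)."""
    rows = len(next(iter(sigs.values()))) // bands
    buckets = {}
    for name, sig in sigs.items():
        for b in range(bands):
            buckets.setdefault((b, tuple(sig[b * rows:(b + 1) * rows])), []).append(name)
    return {p for members in buckets.values() for p in combinations(sorted(members), 2)}
class DisjointSet:  # disjoint-set forest (union-find) with path halving; each root is one cluster
    def __init__(self, names):
        self.parent = {n: n for n in names}
    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x
    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def cluster(reports, threshold=0.5):  # MinHash -> LSH candidates -> verify estimate -> union
    sigs = {n: minhash(toks) for n, toks in reports.items()}
    ds = DisjointSet(reports)
    for a, b in lsh_candidates(sigs):
        if est_jaccard(sigs[a], sigs[b]) >= threshold:  # reject LSH false positives
            ds.union(a, b)
    groups = {}
    for n in reports:
        groups.setdefault(ds.find(n), set()).add(n)
    return {frozenset(g) for g in groups.values()}
```

The verification step after banding matters in practice: LSH only proposes candidate pairs, and merging on the estimated similarity keeps a single bucket collision from chaining unrelated samples into one family.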

Item Type: Thesis (Masters)
Additional Information: Thesis (MSc.) - Universiti Malaysia Sarawak , 2019.
Uncontrolled Keywords: Malware behaviour, malware analysis, clustering, automated analysis, unimas, university, universiti, Borneo, Malaysia, Sarawak, Kuching, Samarahan, ipta, education, Postgraduate, research, Universiti Malaysia Sarawak.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Date Deposited: 18 Oct 2019 00:16
Last Modified: 04 Jun 2020 05:48
