International Journal of Computational Intelligence Systems

Volume 11, Issue 1, 2018, Pages 1153 - 1169

Evaluation of Supervised Machine Learning Techniques for Dynamic Malware Detection

Authors
Hongwei Zhao¹ (zhao_hongwei6@sohu.com), Mingzhao Li² (li_mingzhao@sina.cn), Taiqi Wu², Fei Yang³ (gulsha_ahuja@outlook.com)
¹ College of Computer Science and Technology, Jilin University, Changchun, China, State Key Laboratory of applied optics, Changchun; Key Laboratory of Symbolic Computation and Knowledge Engineering for Ministry of Education, Jilin University, Changchun
² College of Computer Science and Technology, Jilin University, China
³ College of Software, Jilin University, China
Received 21 May 2017, Accepted 28 May 2018, Available Online 12 June 2018.
DOI
10.2991/ijcis.11.1.87
Keywords
Dynamic Analysis; Malware detection; Machine Learning; Static Analysis
Abstract

Nowadays, the security of computer systems has become a major concern of security experts. In spite of many antivirus and malware detection systems, the number of malware incidents is increasing day by day. Many static and dynamic techniques have been proposed to detect malware and classify it into malware families accurately. Dynamic malware detection has potential benefits over static detection, because it is more difficult for malware to mask its behavior while executing than to mask its underlying code from static analysis. Recently, machine learning techniques have been the main focus of security experts for detecting malware and predicting malware families dynamically. However, to the best of our knowledge, there exists no comprehensive work that compares and evaluates a sufficient number of machine learning techniques for classifying malware and benign samples. In this work, we conducted a set of experiments to evaluate machine learning techniques for detecting malware and classifying it into the respective families dynamically. A set of real malware samples and benign programs was obtained from VirusTotal and executed in a controlled and isolated environment to record malware behavior, so that the machine learning techniques could be evaluated in terms of commonly used performance metrics. From the execution reports, saved in JSON format, we extract a promising set of features representing the behavior of a malware sample. The identified set of features is then used to classify malware and benign samples. The major motivation of this work is that different techniques have been designed to optimize different criteria, so they behave differently even under similar conditions. In addition to classifying malware and benign samples dynamically, we provide guidelines for researchers on applying machine learning techniques to dynamic malware detection, and directions for further research in the field.

Copyright
© 2018, the Authors. Published by Atlantis Press.
Open Access
This is an open access article under the CC BY-NC license (http://creativecommons.org/licences/by-nc/4.0/).

Publication Date
2018/06/12
ISSN (Online)
1875-6883
ISSN (Print)
1875-6891

Cite this article

TY  - JOUR
AU  - Hongwei Zhao
AU  - Mingzhao Li
AU  - Taiqi Wu
AU  - Fei Yang
PY  - 2018
DA  - 2018/06/12
TI  - Evaluation of Supervised Machine Learning Techniques for Dynamic Malware Detection
JO  - International Journal of Computational Intelligence Systems
SP  - 1153
EP  - 1169
VL  - 11
IS  - 1
SN  - 1875-6883
UR  - https://doi.org/10.2991/ijcis.11.1.87
DO  - 10.2991/ijcis.11.1.87
ID  - Zhao2018
ER  -