Graduate: Information Assurance Category: Security Degree Level: Masters Abstract ID# 1358

Machine Learning and Malware Classification

Abstract

The aim of this project is to determine the feasibility of the whitelisting approach in a real-world computing environment. A lot of work is being done on classifying and clustering malware. Most of this work defines the undesirable behavior of an executable, but with malware growing at an exponential rate, it has become practically impossible to define every unfavorable property. This project therefore focused on desirable properties only.

Introduction & Background

This project took advantage of the fast malware classification approaches currently present in the market and trained the classifier on benign files, unlike anti-malware methodology, which uses bad behavior to tell whether a file has unfavorable characteristics. The classifier is used to determine the extent to which a particular Linux or Windows binary executable is benign or malicious. A static analysis is performed without executing the file: it checks whether the interpreter value and file integrity match the desired file (for Linux executables) or whether the selected 13 parameters match the file in the training set. If the binary is undesirable, it is tagged as malware without being executed. If the file is not in the database, features of the binary are compared against a feature set extracted from many benign executables such as Coreutils. This whitelisting approach was analyzed and refined to determine its success relative to the blacklisting approach.
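The interpreter-and-integrity check described above for Linux executables, as an added example that is not the project's own code: it reads the PT_INTERP path from the ELF program headers, hashes the file and compares both with a whitelist record for that file name. The whitelist entries and the minimal ELF images are constructed here; the 13-parameter Windows check and the fallback feature comparison are left out.

```python
"""Whitelist check for Linux ELF executables: the file is never executed; its
interpreter path and SHA-256 are compared with the record stored for its name.
Added illustration; whitelist entries and the sample ELF images are constructed."""
import hashlib
import struct

PT_INTERP = 3  # program-header type carrying the dynamic loader path

def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of an ELF64 little-endian image, or None."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return None  # only 64-bit little-endian ELF is handled here
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        p_type, _flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def whitelist_verdict(name: str, data: bytes, whitelist: dict) -> str:
    """Static verdict: 'benign', 'unknown' (not in the database, so the feature
    comparison would run next) or 'mismatch:<checks>' naming what disagreed."""
    entry = whitelist.get(name)
    if entry is None:
        return "unknown"
    problems = []
    if elf_interpreter(data) != entry["interp"]:
        problems.append("interpreter")
    if hashlib.sha256(data).hexdigest() != entry["sha256"]:
        problems.append("integrity")
    return "benign" if not problems else "mismatch:" + ",".join(problems)

def build_sample_elf(interp: bytes, body: bytes) -> bytes:
    """Constructed minimal ELF64 image: header, one PT_INTERP segment, body."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    n = len(interp) + 1  # segment size includes the NUL terminator
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, n, n, 1)
    return ehdr + phdr + interp + b"\0" + body

EXPECTED_INTERP = "/lib64/ld-linux-x86-64.so.2"
GOOD = build_sample_elf(EXPECTED_INTERP.encode(), b"constructed benign body")
WHITELIST = {"ls": {"interp": EXPECTED_INTERP, "sha256": hashlib.sha256(GOOD).hexdigest()}}
TAMPERED = build_sample_elf(EXPECTED_INTERP.encode(), b"constructed altered body")
REDIRECTED = build_sample_elf(b"/lib64/ld-other.so.1", b"constructed benign body")

if __name__ == "__main__":
    for label, image in (("good", GOOD), ("tampered", TAMPERED), ("redirected", REDIRECTED)):
        print(label, whitelist_verdict("ls", image, WHITELIST))
```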

By: Amit Raut, Pranav Sharma