The constant growth in the number of malware – software or code fragment
potentially harmful for computers and information networks – and the use of
sophisticated evasion and obfuscation techniques have seriously hindered
classic signature-based approaches. On the other hand, malware detection
systems based on machine learning techniques started offering a promising
alternative to standard approaches, drastically reducing analysis time and
turning out to be more robust against evasion and obfuscation techniques. In
this paper, we propose a malware taxonomic classification pipeline able to
classify Windows Portable Executable files (PEs). Given an input PE sample, it
is first classified as either malicious or benign. If malicious, the pipeline
further analyzes it in order to establish its threat type, family, and
behavior(s). We tested the proposed pipeline on the open source dataset EMBER,
containing approximately 1 million PE samples, analyzed through static
analysis. Obtained malware detection results are comparable to other academic
works in the current state of art and, in addition, we provide an in-depth
classification of malicious samples. Models used in the pipeline provides
interpretable results which can help security analysts in better understanding
decisions taken by the automated pipeline.

Go to Source of this post
Author Of this post: <a href="http://arxiv.org/find/cs/1/au:+Loi_N/0/1/0/all/0/1">Nicola Loi</a>, <a href="http://arxiv.org/find/cs/1/au:+Borile_C/0/1/0/all/0/1">Claudio Borile</a>, <a href="http://arxiv.org/find/cs/1/au:+Ucci_D/0/1/0/all/0/1">Daniele Ucci</a>

By admin