dc.description.abstract |
Malware detection and classification is the first step towards understanding the nature of attacks and then deciding on a response to future incidents. Because of their level of sophistication, their analysis-evasion techniques and their ability to remain stealthy, detecting and classifying Advanced Persistent Threat (APT) malware is especially challenging. Analysing them dynamically is also difficult because APTs may wait for an extended period of time before actually performing their intended malicious tasks. Therefore, most work focuses on statically analysing APTs, thereby ignoring an important aspect of their behaviour. In this research, we present a hybrid analysis model to detect APTs. Our APT dataset comprises 3500+ malware samples gathered from cyber-research's GitHub, whereas the 2800+ benign samples were binaries collected from a standard installation of Windows 10 (x64). Our hybrid analysis model, which combines strings, a static feature of APTs, with the dynamic features of frequency and sequence of API calls, is able to detect APTs with a high degree of accuracy approaching 92.3%, a precision of 100%, a recall of 89% and an F1 score of 94%. |
en_US |