dc.description.abstract |
Macros are scripts, written in Visual Basic for Applications (VBA), that automate tasks in Microsoft Office documents. Malware authors exploit this feature and embed malicious VBA code in Office documents to perform malicious activities on the victim’s computer.
Earlier, macros used to run automatically once an Office document was opened. But in recent versions of Microsoft Office, macros are disabled by default, and malware authors lure users into enabling macros using different techniques and strategies. Once macros are enabled, the malicious code embedded within the file runs automatically and executes the malware as the malware author intends.
Macro malware authors use different social engineering techniques to tempt or scare users into downloading and opening malicious files. These may be downloaded to a victim’s computer by merely opening an email or an email attachment, or by performing some other routine operation, such as clicking a graphic in a received email to expand it. The malware is usually embedded in Microsoft Office files. The files often use names that entice users into opening them, such as invoices, receipts, legal documents, etc.
Apart from virus detection programs, different machine learning techniques have been developed in the past for the detection and mitigation of macro-based malware. But at the same time, malware authors come up with more advanced evasion and obfuscation techniques to evade the detection methods built on machine learning techniques.
Most research has been carried out on approaches to detect and mitigate the malware threat. These come into play once malware has been downloaded or executed on a system. Malware that evades these techniques will infect the system, causing data theft or loss, and may require substantial effort to recover data and remove the malware threat from the system. This threat becomes more pronounced depending on the sensitivity and importance of the target system; for example, a transaction server in a bank, an IT system, or some government organization.
This research focuses on malware prediction, an emerging concept which uses AI and machine learning techniques to analyze an organization’s web traffic and behavior to predict if and when a machine will be targeted by a malware attack. Algorithms are used to analyze an organization’s dataset that contains real samples to provide a better approach for predicting a malware attack on a system. In this research, we will mainly focus on malware in general to develop a framework, which will later be tested on a macro malware dataset. |
en_US |