Authors:
Jaime Devesa; Igor Santos; Xabier Cantero; Yoseba K. Penya and Pablo G. Bringas
Affiliation:
Deusto Technological Foundation, Spain
Keyword(s):
Security, Malware detection, Machine learning, Data-mining.
Related Ontology Subjects/Areas/Topics:
Applications of Expert Systems; Artificial Intelligence; Artificial Intelligence and Decision Support Systems; Biomedical Engineering; Business Analytics; Data Engineering; Data Mining; Databases and Information Systems Integration; Datamining; Enterprise Information Systems; Formal Methods; Health Information Systems; Industrial Applications of Artificial Intelligence; Information Systems Analysis and Specification; Methodologies and Technologies; Operational Research; Security; Sensor Networks; Signal Processing; Simulation and Modeling; Soft Computing
Abstract:
Malware is any kind of program explicitly designed to cause harm, such as viruses, trojan horses or worms. Since the amount of malware is growing exponentially, it already poses a serious security threat. Therefore, every incoming piece of code must be analysed in order to classify it as either malware or benign software. These tests commonly combine static and dynamic analysis techniques in order to extract as much information as possible from suspicious files. Moreover, the increase in the number of attacks makes it infeasible to manually test the thousands of suspicious files that reach antivirus laboratories every day. Against this background, we address here an automated system for malware behaviour analysis based on emulation and simulation techniques. Creating a secure and reliable sandbox environment allows us to test the retrieved suspicious code without risk. In this way, we can also generate evidence and classify the samples with several machine-learning algorithms. We have developed the proposed solution, testing it with real malware. Finally, we have evaluated it in terms of reliability and time performance, two of the main aspects required for such a system to work.