CAM: A Combined Analytical Model for Efficient Malware Classification

Abstract: With the substantial use of internet Technology, the frequency of malware is increasing swiftly despite careful use of anti-malware software. Detecting malware is still is a challenge because invaders use new techniques to escape from the detection methods. The signature based detection which is used in most of the anti-malware software is proved to be unproductive due to the exponential increase in the number and types of malware. The static analysis methods can be used to analyse the binary file and generate the signature as an output. Dynamic analysis executes the file and then considers the behaviour and actions to identify whether the executable is a malware or benign. Considering the positive aspects of both these methods, an integrated analysis can be formulated to analyse and classify an unknown executable file. This proposed method uses machine learning in which known malwares and benign programs are used as training dataset. The binary code as well as dynamic behaviour can be analysed to generate a feature vector. A Combined Analytical Model is proposed by integrating advantages of both static and dynamic analysis. The proposed model improves efficiency and accuracy of malware classification. Experiments done on static, dynamic and the proposed integrated analysis technique to prove that the proposed method has a better accuracy than the individual analysis techniques.

Keywords: Malware Detection, Dynamic analysis, Static analysis, Printable string information (PSI), Support Vector Machine (SVM).