Malware Detection Using Machine Learning Techniques

Post on 17-Feb-2017

275 views

Category:

Engineering

6 download

TRANSCRIPT

Slide 1

Malware detection using Machine learning: A review
Submitted To: Ma'am Tahira Mehboob
Presented By: Anum Nisa, Sumaiya Arshad
MAY 18, 2016 | Machine Learning

ABOUT MALWARE & ITS DETECTION TECHNIQUES

INTRODUCTION

Malware is malicious software: Virus, Spam, ...

Increasing threats:
* Continuous and increased attacks on infrastructure
* Threats to business, national security and the personal security of PCs

Attacks are becoming more advanced and sophisticated!

MALWARE: Executables

Host vs. network based approaches

Limitations of existing techniques:
- Signature-based approach
  * Fails to detect zero-day attacks.
  * Fails to detect threats with evolving capabilities such as metamorphic and polymorphic malware.
- Anomaly-based approach
  * Produces a high false positive rate.
- Supervised learning based approach
  * Poor performance on new and evolving malware.
  * Building a classifier model is challenging due to the diversity of malware classes, imbalanced distribution, data imperfection issues, etc.

RedHocks (Viruses)

Our Goal: Machine Learning based approach
- Two level:
  * Supervised learning approach to detect malicious flows and further identify the specific type.
  * Combine unsupervised learning with supervised learning to address the new class discovery problem.

Two level malware detection framework:

Macro-level classifier: used to isolate malicious flows from the non-malicious ones.

Micro-level classifier: further categorize the malicious flows into one of the pre-existing malware classes or new malware.

Proposed Framework

Proposed Framework: block diagram

Classification Process: machine learning, data mining, and text classification and detection methods used to detect malicious executables classify unknown or malicious files with ML algorithms:
- Random Forest classifier
- Boosted J48 decision tree
- KNN, Naive Bayes, SVM, Multilayer Perceptron (MLP)
- Mal-ID basic detection algorithm
Both the Bayes network and random forest classifiers produced more accurate readings, but the boosted decision tree (J48) is the best classifier.

Experimental Evaluation: our analysis shows that among the three major forms of malware (computer viruses, Internet worms and Trojan horses) the most dangerous is Trojans.

ANALYSIS

This section introduces analysis techniques for mobile and PC malware. It transfers well-known techniques from the common computer world to the platforms of mobile devices.

The main idea of dynamic analysis is executing a given sample in a controlled environment, monitoring its behavior, and obtaining information about its nature and purpose.

This is especially important in the field of malware research because a malware analyst must be able to assess a program's threat and create proper counter-measures.

While static analysis might provide more precise results, the sheer mass of newly emerging malware each day makes it impossible to conduct a static analysis for even a small portion of today's malware.

ANALYSIS OF PARAMETERS: to analyze malware detection techniques, some evaluation parameters are used to assess the quality factors (non-functional requirements):
- Category/type of virus
- Detection techniques
- Algorithm/technology/mechanism
- Best classification methodology
- Evaluation criterion
- Implementation tools

Boosted J48 Decision Tree

J48 is an extension of ID3. The additional features of J48 are: accounting for missing values, decision tree pruning, continuous attribute value ranges, derivation of rules, etc. In the WEKA data mining tool, J48 is an open source Java implementation of the C4.5 algorithm.

Boosted J48 Decision Tree (continued)

Conclusion: We proposed an effective
malware detection framework based on data mining and machine learning techniques:
- Two level ML based classifier
- New class detection
- Encrypted data

A tree based kernel for SVM was proposed to handle the data imperfection issue in network flow data, and the Boosted J48 decision tree classifier is analyzed as the best classifier among a number of different classifiers.

Conclusion (contd.): However, this paper shows the comparison of the efficiency rate of different malware detection techniques including KNN, Naive Bayes, boosted J48 and SVM (Support Vector Machine). We explain the feasibility of some detection methods and highlight the major causes of the increasing number of malware files, but more research is necessary.

Future Works

Develop a hierarchical multi-class learning method to enhance the testing efficiency when the number of malware classes becomes extremely large.

Detection accuracy can be improved through further research into classification algorithms and ways to label malware data more accurately. Most of the classifiers used are not optimized for hardware operations or applications; hardware algorithm design can additionally increase precision, accuracy and efficiency.

Extra

Metamorphic malware is rewritten with each iteration so that each succeeding version of the code is different from the preceding one. The code changes make it difficult for signature-based antivirus software programs to recognize that different iterations are the same malicious program. Polymorphic malware also makes changes to code to avoid detection.
It has two parts, but one part remains the same with each iteration, which makes the malware a little easier to identify. Can you imagine that a piece of malware code can change its shape and signature each time it appears, to make it extremely hard for signature-based antivirus to detect it? This is called polymorphic or metamorphic malware.

software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. These actions can include:
- Deleting data
- Blocking data
- Modifying data
- Copying data
- Disrupting the performance of computers or computer networks
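The signature-evasion limitation from the slides above (revisited on the Extra slide) and the case the Analysis slide makes for dynamic analysis, as an added example that is not part of the presentation. A harmless constructed payload is "packed" by a polymorphic generator (constant decoder stub, fresh XOR key each generation) and by a metamorphic one (the decoder is rewritten too, here by interleaving junk NOP bytes whose count changes per generation). Three detections are tried against each: a static signature on the body, a static signature on the decoder stub, and the body signature after emulating the decoder, which stands in for running the sample in a controlled environment. The payload text, the three stub bytes and the NOP value are all invented for this example and do not correspond to any real malware or CPU.

```python
"""Signature matching vs. polymorphic and metamorphic generations.

Added example, not code from the deck. Everything below is constructed:
the payload is harmless text, the decoder stub is a made-up byte pattern,
and emulate() is a toy stand-in for executing the decoder in a sandbox.
"""

BODY = b"open backdoor; copy data; delete logs"  # constructed invariant payload
BODY_SIG = b"copy data"                           # a content signature written for the body
DECODER_STUB = b"\x8a\x06\x34"                    # hypothetical constant decoder opcodes
NOP = 0x90                                        # junk byte a metamorphic engine sprinkles in


def generate_polymorphic(body, key):
    """Polymorphic generation: same decoder stub, body XOR-ed with a fresh key.
    Every byte of the body changes with the key; the stub does not."""
    assert 0 < key < 0x80          # non-zero (zero would leave plaintext) and never equal to NOP
    encoded = bytes(b ^ key for b in body)
    return DECODER_STUB + bytes([key]) + encoded


def generate_metamorphic(body, key, generation):
    """Metamorphic generation: the decoder itself is rewritten as well. Here the
    rewrite interleaves 1..3 junk NOPs after each stub byte, the count depending
    on the generation, so no contiguous stub pattern survives between versions."""
    assert 0 < key < 0x80
    stub = b""
    for i, op in enumerate(DECODER_STUB):
        stub += bytes([op]) + bytes([NOP]) * (1 + (generation + i) % 3)
    encoded = bytes(b ^ key for b in body)
    return stub + bytes([key]) + encoded


def static_match(sample, signature):
    """Signature-based detection: a plain substring search over the bytes on disk."""
    return signature in sample


def emulate(sample):
    """Dynamic-analysis stand-in: step through the decoder, skipping junk NOPs,
    read the key byte and run the decode loop. Returns the decoded body, or
    None when the sample is not something this toy 'CPU' understands."""
    pos, seen = 0, 0
    while seen < len(DECODER_STUB):
        if pos >= len(sample):
            return None
        b = sample[pos]
        pos += 1
        if b == NOP:
            continue
        if b != DECODER_STUB[seen]:
            return None
        seen += 1
    while pos < len(sample) and sample[pos] == NOP:   # junk between stub and key
        pos += 1
    if pos >= len(sample):
        return None
    key = sample[pos]
    return bytes(b ^ key for b in sample[pos + 1:])


def detect(sample):
    """Run the three strategies the slides contrast and report which ones fire."""
    decoded = emulate(sample)
    return {
        "body_signature_static": static_match(sample, BODY_SIG),
        "stub_signature_static": static_match(sample, DECODER_STUB),
        "body_signature_after_emulation": decoded is not None and static_match(decoded, BODY_SIG),
    }


if __name__ == "__main__":
    samples = [("polymorphic gen 1", generate_polymorphic(BODY, 0x5A)),
               ("polymorphic gen 2", generate_polymorphic(BODY, 0x73)),
               ("metamorphic gen 1", generate_metamorphic(BODY, 0x5A, 1)),
               ("metamorphic gen 2", generate_metamorphic(BODY, 0x5A, 2))]
    for name, sample in samples:
        print(f"{name}: {sample[:10].hex()}... {detect(sample)}")
```

Across polymorphic generations the encoded body differs while the stub is byte-identical, so a signature on the stub still fires; that is the "one part remains the same" point on the Extra slide. The metamorphic generation breaks the stub match as well, and only the behaviour recovered by emulation matches. Real engines rewrite the body too and use far more than NOP insertion, so even the decoded bytes are not a stable signature; that is the motivation for feeding behaviour observed at run time into a classifier rather than matching bytes.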
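The two-level framework the deck proposes and restates in its conclusion (a macro-level classifier isolating malicious flows, a micro-level classifier assigning a known family or flagging a new class) together with the boosted decision tree it rates best, as one added example in Python. This is not the authors' implementation, not WEKA, and not a real dataset: the feature columns, the family names and every flow value are constructed for the example. Boosted decision stumps (one-split trees chosen by weighted-error split search and combined with AdaBoost reweighting) stand in for boosted J48 trees; the micro level is a nearest-centroid rule in z-scored feature space whose acceptance radius is the largest distance of any training member from its family centroid, so a flow outside every radius is returned as NEW, and a helper turns a batch of such flows into a newly registered family (the unsupervised-plus-supervised new-class step).

```python
"""Two-level malware detection: boosted-stump macro classifier plus
nearest-centroid micro classifier with new-class discovery.
Added example, not the deck's code. Feature vectors are constructed
flow summaries: [duration_s, bytes_out, bytes_in, packets, distinct_dst_ports]."""
import math
import random

random.seed(7)

def make_flows(center, spread, n, label, family):
    """Gaussian samples around a constructed centre; label 1 = malicious."""
    return [([max(0.0, c + random.gauss(0, s)) for c, s in zip(center, spread)], label, family)
            for _ in range(n)]

TRAIN = (make_flows([2.0, 1500, 60000, 60, 1], [1.0, 600, 10000, 20, 0.5], 40, 0, "benign")
         + make_flows([30.0, 900, 600, 20, 1], [5.0, 300, 200, 5, 0.5], 20, 1, "botnet_c2")
         + make_flows([1.0, 2000, 100, 200, 150], [0.5, 600, 50, 50, 30], 20, 1, "port_scan"))

# ---- level 1 (macro): AdaBoost over decision stumps ---------------------------
def stump_predict(stump, x):
    feat, thr, polarity = stump                 # polarity -1 means "malicious if below thr"
    return 1 if polarity * (x[feat] - thr) > 0 else 0

def best_stump(rows, weights):
    """Exhaustive search for the (feature, threshold, polarity) with the lowest
    weighted error: the one-split analogue of C4.5 picking its best attribute."""
    best, best_err = None, 1.0
    for f in range(len(rows[0][0])):
        vals = sorted({r[0][f] for r in rows})
        for lo, hi in zip(vals, vals[1:]):
            for pol in (1, -1):
                stump = (f, (lo + hi) / 2, pol)
                err = sum(w for (x, y, _), w in zip(rows, weights) if stump_predict(stump, x) != y)
                if err < best_err:
                    best, best_err = stump, err
    return best, best_err

def train_adaboost(rows, rounds=10):
    """AdaBoost.M1: fit a stump to the reweighted flows, up-weight its mistakes, repeat."""
    weights = [1.0 / len(rows)] * len(rows)
    ensemble = []
    for _ in range(rounds):
        stump, err = best_stump(rows, weights)
        if err >= 0.5:                          # no better than chance: stop
            break
        err = max(err, 1e-9)
        alpha = 0.5 * math.log((1 - err) / err)
        ensemble.append((alpha, stump))
        if err <= 1e-9:                         # perfect on the training flows: nothing to reweight
            break
        weights = [w * math.exp(alpha if stump_predict(stump, x) != y else -alpha)
                   for (x, y, _), w in zip(rows, weights)]
        total = sum(weights)
        weights = [w / total for w in weights]
    return ensemble

def macro_predict(ensemble, x):
    """Weighted vote of the stumps: 1 = malicious flow, 0 = benign."""
    score = sum(a * (1 if stump_predict(s, x) else -1) for a, s in ensemble)
    return 1 if score > 0 else 0

# ---- level 2 (micro): nearest centroid with a novelty threshold ---------------
def zscore_params(xs):
    n, d = len(xs), len(xs[0])
    means = [sum(x[f] for x in xs) / n for f in range(d)]
    stds = [math.sqrt(sum((x[f] - means[f]) ** 2 for x in xs) / n) or 1.0 for f in range(d)]
    return means, stds

def scale(x, params):
    return [(v - m) / s for v, m, s in zip(x, *params)]

def dist(a, b):
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)))

def register_family(model, name, xs):
    """Add a family from sample flows: its centroid plus the largest member
    distance, which serves as the family's acceptance radius."""
    pts = [scale(x, model["params"]) for x in xs]
    c = [sum(p[f] for p in pts) / len(pts) for f in range(len(pts[0]))]
    model["centroids"][name] = c
    model["radius"][name] = max(dist(p, c) for p in pts)

def train_micro(rows):
    mal = [r for r in rows if r[1] == 1]
    model = {"params": zscore_params([x for x, _, _ in mal]), "centroids": {}, "radius": {}}
    families = {}
    for x, _, fam in mal:
        families.setdefault(fam, []).append(x)
    for fam, xs in families.items():
        register_family(model, fam, xs)
    return model

def micro_predict(model, x, slack=1.5):
    """Known family if within slack * radius of its centroid, otherwise NEW."""
    z = scale(x, model["params"])
    fam, d = min(((f, dist(z, c)) for f, c in model["centroids"].items()), key=lambda t: t[1])
    return fam if d <= slack * model["radius"][fam] else "NEW"

def detect(macro, micro, x):
    """Full pipeline: 'benign', a known family name, or 'NEW' for the analyst queue."""
    return "benign" if macro_predict(macro, x) == 0 else micro_predict(micro, x)

MACRO = train_adaboost(TRAIN)
MICRO = train_micro(TRAIN)

if __name__ == "__main__":
    for flow in ([1.5, 1200, 55000, 50, 1], [28.0, 850, 650, 22, 1],
                 [0.8, 2100, 120, 210, 140], [120.0, 4_500_000, 500, 4000, 1]):
        print(flow, "->", detect(MACRO, MICRO, flow))
```

On this constructed data a single stump on bytes_in already separates benign from malicious flows, so boosting stops after the first round; with overlapping real flows the loop keeps adding reweighted stumps up to rounds. The slack factor on the radius trades false NEW alerts against novel families silently absorbed into a known one, and would be tuned on held-out flows. Flows returned as NEW are what an analyst names and feeds to register_family, after which the micro level recognises the family without retraining the macro level.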
