
Speaker "Nahid Farhady" Details

Name: Nahid Farhady
Company: Accenture Tech Labs
Designation: Research Engineer
Topic: Malware Detection using Deep Neural Network

Abstract
Nowadays, signature-based malware detection is widely used in commercial anti-virus products. However, this method fails to detect zero-day malware. Therefore, anti-virus engines are now moving towards identifying the shared features and similar behaviors of malware families in order to detect new members of those families as well. Machine learning approaches to this problem have focused on static features for a while; however, to classify the malware, malware engineers still need to go through an extensive process of dynamic analysis. In this research, we propose an end-to-end framework for malware detection and classification using machine learning techniques. In this framework, we use DNN models to distinguish malware from benign files, and we also propose an uncertainty score for the classification step. Using the proposed DNN model and only 6 static features, we achieve a false negative rate (FNR) of less than 1% with a true positive rate (TPR) of over 96%. In the next step, we propose a classification model that divides the malware into cyber crime, cyber espionage and other sub-categories. We use the PCA (Principal Component Analysis) technique to prioritize the dynamic features to be explored for each sub-category as well. Using this method accelerates the labeling work of the malware engineers. Our research proposes the top 5 dynamic features to be analyzed for each type of malware.