Return to search

Malware Classification Based on File and Registry Activities

Cyber criminals are trying to steal personal information from victim¡¦s machine to acquire more benefits by using malware. Antivirus is the most commonly used tool of malware identification, but the frequency of virus definition update is often less than the frequency of new type malware increase. Therefore, we need an effective and fast tool of malware identification in the current environment.
In addition to antivirus, software analysis platform is currently one of the ways to identify malware. User could figure out behaviors of software in detail by the analysis report provided by software analysis platform. Most of software analysis platforms only offer an analysis report, user have to identify whether the software is malware or not by them self. This type of report is no help for user if their expertise not enough to find out these behaviors. Some of software analysis platforms which used antivirus can provide information to user about the software is malware or not, but they don¡¦t have the ability of identifying new type malware immediately.
According to research and analysis report, we generalized differences in file and registry activities of normal software and malware and defined malware classification features from these differences. We adopted Support Vector Machine¡]SVM¡^as our algorithm of classification to build and test three classifiers which can identify normal software and malware. After several experimental evaluations, we confirmed that the identification rate of malware was up to 97.6%. Finally, we compared the performance of our classifiers with ThreatExpert, and the result show that the performance of our classifiers is as well as ThreatExpert.

Identiferoai:union.ndltd.org:NSYSU/oai:NSYSU:etd-0912112-145949
Date12 September 2012
CreatorsZeng, Ling-Ming
ContributorsDa-zhi Guan, chia-Mei Chen, Sheng-Tzong Cheng
PublisherNSYSU
Source SetsNSYSU Electronic Thesis and Dissertation Archive
LanguageCholon
Detected LanguageEnglish
Typetext
Formatapplication/pdf
Sourcehttp://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0912112-145949
Rightsuser_define, Copyright information available at source archive

Page generated in 0.0021 seconds