Advanced Malware Detection
Group 8: Alex Finkelstein, Josh Suess, Dom Amos, Mike Hite, Kevin Hao
Problem
Detection systems relying on static malicious signatures are no longer enough.
Amount of malware increasing exponentially
Smarter malware
Goals
Detection based on behavior
API signatures
Multi-factor classification techniques
Naïve Bayes, SVM, k-nearest neighbors
Automation of database maintenance
Updates
System Architecture
Database creation
Database link
API extraction
API signature generation
Classification models
User interface
API Extraction
Access the import table of each executable file in our sample directory
Loop through each API call for two purposes
Populate the API table
Generate behavioral signature
API Signature Generation
As in extraction, we loop through all of the API calls
This time, though, we compare them against the database rather than adding them to it.
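The extraction, signature and classification stages above, as an added example that is not the group's code: the import lists, labels and API names are constructed sample data standing in for what the extractor reads from each PE import table, and the sorted-name SHA-256 signature and Bernoulli Naïve Bayes model are my own choices for illustrating the design.

```python
import hashlib
import math
from collections import Counter
# Constructed sample data (not real malware): one import list per executable,
# as the extraction step would read it from the PE import table, plus a label.
TRAINING = [
    (["CreateFileW", "WriteFile", "CloseHandle", "GetCommandLineW"], "benign"),
    (["MessageBoxW", "GetModuleHandleW", "ExitProcess"], "benign"),
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"], "malicious"),
    (["InternetOpenA", "InternetOpenUrlA", "CreateProcessA", "RegSetValueExA"], "malicious"),
]

def api_signature(apis):
    """Order-independent behavioral signature: SHA-256 of the sorted unique API names."""
    return hashlib.sha256("\n".join(sorted(set(apis))).encode()).hexdigest()

class ApiNaiveBayes:
    """Bernoulli Naive Bayes over API presence/absence, with Laplace smoothing."""
    def __init__(self, alpha=1.0):
        self.alpha, self.class_counts, self.api_counts, self.vocab = alpha, Counter(), {}, set()
    def fit(self, samples):
        for apis, label in samples:
            self.class_counts[label] += 1
            counts = self.api_counts.setdefault(label, Counter())
            for api in set(apis):
                counts[api] += 1
                self.vocab.add(api)
        return self
    def predict(self, apis):
        present = set(apis)
        total = sum(self.class_counts.values())
        best, best_logp = None, -math.inf
        for label, n in self.class_counts.items():
            logp = math.log(n / total)          # class prior
            for api in self.vocab:              # likelihood of each API being imported or not
                p_import = (self.api_counts[label][api] + self.alpha) / (n + 2 * self.alpha)
                logp += math.log(p_import if api in present else 1.0 - p_import)
            if logp > best_logp:
                best, best_logp = label, logp
        return best

def classify(apis, model, known_signatures):
    """Exact signature match against the database first; fall back to the model."""
    sig = api_signature(apis)
    if sig in known_signatures:
        return known_signatures[sig], "signature"
    return model.predict(apis), "naive_bayes"

KNOWN = {api_signature(apis): label for apis, label in TRAINING}
MODEL = ApiNaiveBayes().fit(TRAINING)
```

A sample whose import set exactly matches a stored signature is resolved by the database lookup; anything unseen is scored by the model, which is where behavior-based detection adds value over static signatures alone.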
Business Potential
Two marketing options
Subscription based
Licensing
Sell out and get bought up by a real company
Future Development Potential
Implementation of multiple classification methods
Support for packed and encrypted files
Improved speed and stability through a different database