Advanced Malware Detection Group 8: Alex Finkelstein, Josh Suess, Dom Amos, Mike Hite, Kevin Hao

Upload: claire-ellis

Post on 18-Jan-2016

Problem

Detection systems relying on static malicious signatures are no longer enough.

Volume of new malware is growing rapidly

Smarter malware (e.g., packed or encrypted variants that defeat byte-level signatures)

Goals

Detection based on behavior

Behavioral signatures built from the Windows API calls each executable imports

Multi-factor classification techniques

Naïve Bayes, SVM, k-nearest neighbors

Automation of database maintenance

Updates

System Architecture

Database creation

Database link

API extraction

API signature generation

Classification models

User interface

Database Creation

Installation and creation of MySQL server

Creation of database and tables

Database Link

Installation of connector

Connection from the Visual Studio project to the MySQL server through that connector

API Extraction

Read the PE import table of each executable file in the sample directory

Loop through each API call for two purposes

Populate the API table

Generate behavioral signature

API Signature Generation

As in extraction, loop through all of the API calls

This time, compare them against the database rather than adding them to it, yielding the file's behavioral signature
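
The two steps above (walk each sample's import table, then turn the API calls into a behavioral signature), as an added example that is not the group's own code. It uses only the standard library: build_sample_pe() constructs a minimal PE32 file containing just an import directory so the example runs offline (the DLL and API names in SAMPLE_PE are a constructed, dropper-like set, not a real binary), extract_imports() parses the import directory of any PE32 or PE32+ file by following the section table, and behavioral_signature() flattens the result into the "dll!api" set a classifier or database lookup would consume. The import name table is read in preference to the import address table because it keeps the names even when the IAT has been rewritten. One caveat a practitioner will hit immediately: packed files expose only the unpacker's handful of imports, so this extraction returns an almost empty signature for them, which is why packed-file support appears under future work.

```python
import struct


def build_sample_pe(imports):
    """Return a minimal PE32 image (bytes) that imports `imports` ({dll: [api, ...]})."""
    sec_rva, sec_raw = 0x1000, 0x200                # single section mapped at RVA 0x1000
    desc_size = (len(imports) + 1) * 20             # descriptors plus all-zero terminator
    thunk_size = 2 * sum((len(f) + 1) * 4 for f in imports.values())  # INT + IAT per DLL
    strings_off = desc_size + thunk_size            # hint/name entries and DLL names follow
    descriptors, thunks, strings = bytearray(), bytearray(), bytearray()
    for dll, funcs in imports.items():
        name_rvas = []
        for fn in funcs:
            name_rvas.append(sec_rva + strings_off + len(strings))
            strings += struct.pack("<H", 0) + fn.encode() + b"\0"   # 2-byte hint, then name
            strings += b"\0" * (len(strings) % 2)                    # keep entries 2-aligned
        dll_rva = sec_rva + strings_off + len(strings)
        strings += dll.encode() + b"\0"
        table = b"".join(struct.pack("<I", r) for r in name_rvas) + b"\0" * 4
        int_rva = sec_rva + desc_size + len(thunks)
        thunks += table                             # Import Name Table (names survive loading)
        iat_rva = sec_rva + desc_size + len(thunks)
        thunks += table                             # Import Address Table (patched by the loader)
        descriptors += struct.pack("<IIIII", int_rva, 0, 0, dll_rva, iat_rva)
    section = bytes(descriptors + b"\0" * 20 + thunks + strings)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew: NT headers at 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = bytearray(224)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                        # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, sec_rva, desc_size)        # DataDirectory[1] = imports
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".idata", len(section), sec_rva,
                          len(section), sec_raw, 0, 0, 0, 0, 0xC0000040)
    return (dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdr).ljust(sec_raw, b"\0") + section


def extract_imports(data):
    """Walk the import directory of a PE32/PE32+ file: {dll_lowercase: [api, ...]}."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    plus = struct.unpack_from("<H", data, opt)[0] == 0x20B       # PE32+ (64-bit)
    dirs = opt + (112 if plus else 96)
    if struct.unpack_from("<I", data, dirs - 4)[0] < 2:
        return {}                                                 # no import directory slot
    imp_rva = struct.unpack_from("<I", data, dirs + 8)[0]
    if imp_rva == 0:
        return {}                      # no imports: statically linked, or packed/stripped
    sections = []
    for i in range(nsec):
        vsize, vaddr, rsize, raw = struct.unpack_from("<IIII", data, opt + opt_size + i * 40 + 8)
        sections.append((vaddr, max(vsize, rsize), raw))

    def off(rva):                                                 # RVA -> file offset
        for vaddr, size, raw in sections:
            if vaddr <= rva < vaddr + size:
                return raw + rva - vaddr
        raise ValueError("RVA 0x%x lies outside every section" % rva)

    def cstr(o):
        return data[o:data.index(b"\0", o)].decode("ascii", "replace")

    tfmt, tlen, ordbit = ("<Q", 8, 1 << 63) if plus else ("<I", 4, 1 << 31)
    result, d = {}, off(imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, d)
        if name_rva == 0 and ft == 0:
            break                                                 # all-zero terminator
        apis, t = [], off(oft or ft)    # prefer the INT; fall back to the IAT when OFT is zero
        while True:
            entry = struct.unpack_from(tfmt, data, t)[0]
            if entry == 0:
                break
            if entry & ordbit:
                apis.append("#%d" % (entry & 0xFFFF))             # import by ordinal, no name
            else:
                apis.append(cstr(off(entry & 0x7FFFFFFF) + 2))    # skip the 2-byte hint
            t += tlen
        result[cstr(off(name_rva)).lower()] = apis
        d += 20
    return result


def behavioral_signature(imports):
    """Flatten extracted imports into the 'dll!api' set used as a behavioral signature."""
    return frozenset("%s!%s" % (dll, api) for dll, apis in imports.items() for api in apis)


# Constructed sample with a dropper-like import set; not a real binary.
SAMPLE_PE = build_sample_pe({
    "KERNEL32.dll": ["CreateFileA", "WriteFile", "VirtualAlloc", "CreateRemoteThread"],
    "WININET.dll": ["InternetOpenA", "InternetReadFile"],
})
```

To run it over a real sample directory, call extract_imports(open(path, "rb").read()) for each file and store the resulting behavioral_signature() in the API table; a file that raises ValueError or returns an empty dict is not a usable PE (or is packed) and should be flagged rather than silently recorded as "imports nothing".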

Classification: Naïve Bayes
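
How a Naïve Bayes classifier consumes those behavioral signatures, as an added example that is not the group's implementation. It is a Bernoulli Naïve Bayes model over the "dll!api" set: every API seen in training is a binary feature, so both the presence of CreateRemoteThread and the absence of MessageBoxA count as evidence, and Laplace smoothing keeps an unseen combination from producing log(0). The six training signatures in TRAINING are constructed for the demonstration (process-injection and downloader style imports labelled malicious, ordinary console and GUI imports labelled benign) and are not real sample data; the class labels and the helper classify_unknown() are likewise assumptions of the example.

```python
import math
from collections import Counter


def train_nb(samples, alpha=1.0):
    """samples: list of (signature_set, label). Returns log priors and, per class,
    P(api present | class) with add-alpha (Laplace) smoothing over a 2-valued feature."""
    class_counts = Counter(label for _, label in samples)
    vocab = set().union(*(sig for sig, _ in samples))
    present = {label: Counter() for label in class_counts}
    for sig, label in samples:
        present[label].update(sig)
    total = sum(class_counts.values())
    model = {"vocab": vocab, "log_prior": {}, "p_present": {}}
    for label, n in class_counts.items():
        model["log_prior"][label] = math.log(n / total)
        model["p_present"][label] = {
            api: (present[label][api] + alpha) / (n + 2 * alpha) for api in vocab
        }
    return model


def classify(model, signature):
    """Return (best_label, posterior_by_label). APIs never seen in training carry no
    evidence and are ignored; the absence of a known API is evidence too."""
    log_scores = {}
    for label, log_prior in model["log_prior"].items():
        s = log_prior
        for api in model["vocab"]:
            p = model["p_present"][label][api]
            s += math.log(p if api in signature else 1.0 - p)
        log_scores[label] = s
    m = max(log_scores.values())                       # log-sum-exp for stable normalisation
    z = sum(math.exp(v - m) for v in log_scores.values())
    posterior = {label: math.exp(v - m) / z for label, v in log_scores.items()}
    return max(posterior, key=posterior.get), posterior


# Constructed training set (not real sample data).
TRAINING = [
    ({"kernel32.dll!VirtualAllocEx", "kernel32.dll!WriteProcessMemory",
      "kernel32.dll!CreateRemoteThread", "kernel32.dll!OpenProcess"}, "malicious"),
    ({"urlmon.dll!URLDownloadToFileA", "shell32.dll!ShellExecuteA",
      "advapi32.dll!RegSetValueExA", "kernel32.dll!WinExec"}, "malicious"),
    ({"kernel32.dll!VirtualAllocEx", "kernel32.dll!WriteProcessMemory",
      "kernel32.dll!CreateRemoteThread", "advapi32.dll!RegSetValueExA"}, "malicious"),
    ({"kernel32.dll!CreateFileA", "kernel32.dll!ReadFile",
      "kernel32.dll!WriteFile", "user32.dll!MessageBoxA"}, "benign"),
    ({"kernel32.dll!GetCommandLineA", "kernel32.dll!ExitProcess",
      "user32.dll!CreateWindowExA", "gdi32.dll!TextOutA"}, "benign"),
    ({"kernel32.dll!CreateFileA", "kernel32.dll!ReadFile",
      "kernel32.dll!ExitProcess", "user32.dll!MessageBoxA"}, "benign"),
]

MODEL = train_nb(TRAINING)


def classify_unknown(signature):
    """Classify the behavioral signature of a file that is not in the training set."""
    return classify(MODEL, signature)
```

With this training set, an unknown file importing OpenProcess, WriteProcessMemory and CreateRemoteThread scores malicious with a posterior around 0.94 even though it also imports the benign-looking ExitProcess, while a file importing only CreateFileA, ReadFile, MessageBoxA and ExitProcess scores benign with a posterior above 0.99. Two things the numbers show: the posterior is only as trustworthy as the training set's coverage (an API absent from the vocabulary, such as an NtUnmapViewOfSection import, contributes nothing), and a decision threshold on the posterior, not just the argmax, is what lets the scanner report "unsure" instead of guessing.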

User Interface

Simple window allows user to select the directory they want to scan

Current Accomplishments

Database and table creation

API Extraction

API Signature Generation

Remaining Work

Implementation of classification model

User interface

Business Potential

Two marketing options

Subscription based

Licensing

Sell out and get bought up by a real company

Future Development Potential

Implementation of multiple classification methods

Support for packed and encrypted files

Improved speed and stability through a different database

Questions?