Comparison of Behavior Analysis Sandboxes Using Various Machine Learning Algorithm for Malware Detection

Juwono, Joshua Tommy and Lim, Charles and Erwin, Alva (2015) Comparison of Behavior Analysis Sandboxes Using Various Machine Learning Algorithm for Malware Detection. Bachelor thesis, Swiss German University.

Abstract

Malware, or malicious software, has grown rapidly and presents huge information security challenges to computer systems. Many Anti-Virus (AV) products fail to detect new or unknown malware, since they rely on the latest update of malware signatures to detect malware. The situation is made worse by today's malware, which is capable of evading detection through various code obfuscation techniques. One of the better ways to counter this growing evasion capability is to analyze the malware dynamically in a sandbox environment, which provides an isolated environment for analyzing the behavior of the malware. This paper presents a comparison of two behavior analysis sandboxes for their accuracy in detecting malware using several commonly used machine learning algorithms. Our experimental results give an overview of the differences between the Anubis sandbox and the Cuckoo sandbox based on the reports generated by both sandboxes. The overall best classification performance goes to Random Forest, with a recall (true positive rate) of 96.48%, a precision (positive predictive value) of 98.23%, an accuracy of 95.02%, and an F-measure of 97.35%. From this research, it can be concluded that the Cuckoo data sets give better accuracy results than the Anubis data sets when using scikit-learn with the Random Forest classifier, and also that automated malware analysis using Cuckoo Sandbox can effectively detect malware.
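The abstract describes the pipeline only in outline: sandbox behavior reports are turned into features, a classifier is trained on them, and recall, precision, accuracy and F-measure are reported. The following is an added example, not code from the thesis or from Cuckoo, that shows the two parts of that pipeline which the abstract leaves implicit: converting Cuckoo-style JSON reports into a bag-of-API-calls feature matrix, and computing the four metrics from a confusion matrix. It assumes the report layout `behavior.processes[].calls[].api` (a simplification of Cuckoo's report.json); the sample reports, their labels and the `CreateRemoteThread` fallback rule are all constructed for illustration. The Random Forest step uses scikit-learn's `RandomForestClassifier`, imported lazily so the rest runs without it.

```python
"""Added example (not code from the thesis): Cuckoo-style behaviour reports
to a bag-of-API-calls feature matrix, plus the four evaluation metrics the
abstract quotes. Report layout behavior.processes[].calls[].api is assumed;
all reports below are constructed, not real sandbox output."""
from collections import Counter

# Constructed reports: (sample name, label, Cuckoo-style report dict).
# label 1 = malware, 0 = benign. Only the keys used below are present.
SAMPLE_REPORTS = [
    ("mal_dropper", 1, {"behavior": {"processes": [
        {"calls": [{"api": "CreateFileW"}, {"api": "WriteFile"},
                   {"api": "RegSetValueExW"}, {"api": "WriteFile"}]},
        {"calls": [{"api": "CreateRemoteThread"}]},  # second process
    ]}}),
    ("mal_injector", 1, {"behavior": {"processes": [
        {"calls": [{"api": "NtAllocateVirtualMemory"},
                   {"api": "WriteProcessMemory"},
                   {"api": "CreateRemoteThread"},
                   {"api": "InternetOpenA"}]},
    ]}}),
    ("benign_reader", 0, {"behavior": {"processes": [
        {"calls": [{"api": "CreateFileW"}, {"api": "ReadFile"},
                   {"api": "CloseHandle"}]},
    ]}}),
    ("benign_config", 0, {"behavior": {"processes": [
        {"calls": [{"api": "RegQueryValueExW"}, {"api": "CreateFileW"},
                   {"api": "ReadFile"}, {"api": "CloseHandle"}]},
    ]}}),
]


def api_counts(report):
    """Count API calls across every process recorded in one report."""
    counts = Counter()
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            api = call.get("api")
            if api:
                counts[api] += 1
    return counts


def build_feature_matrix(reports):
    """Return (vocabulary, X, y): one row per report, one column per API name,
    cell = number of times that API was called. The vocabulary is sorted so
    column order is stable across runs."""
    per_report = [(label, api_counts(rep)) for _, label, rep in reports]
    vocab = sorted({api for _, c in per_report for api in c})
    X = [[c[api] for api in vocab] for _, c in per_report]
    y = [label for label, _ in per_report]
    return vocab, X, y


def confusion_matrix(y_true, y_pred):
    """Return (tp, fp, fn, tn) with malware (label 1) as the positive class."""
    tp = fp = fn = tn = 0
    for truth, pred in zip(y_true, y_pred):
        if truth == 1 and pred == 1:
            tp += 1
        elif truth == 0 and pred == 1:
            fp += 1
        elif truth == 1 and pred == 0:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def classification_metrics(tp, fp, fn, tn):
    """Recall (TPR), precision (PPV), accuracy and F-measure, exactly the
    quantities the abstract reports. Zero denominators (e.g. a classifier
    that never predicts malware) yield 0.0 instead of raising."""
    total = tp + fp + fn + tn
    return {
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "accuracy": (tp + tn) / total if total else 0.0,
        # 2PR/(P+R) simplifies to 2tp/(2tp+fp+fn)
        "f_measure": 2 * tp / (2 * tp + fp + fn) if tp else 0.0,
    }


def train_random_forest(X, y, seed=0):
    """Fit scikit-learn's RandomForestClassifier, the classifier the abstract
    reports the best results for. Imported lazily so feature extraction and
    metrics above work without scikit-learn installed."""
    from sklearn.ensemble import RandomForestClassifier
    clf = RandomForestClassifier(n_estimators=100, random_state=seed)
    clf.fit(X, y)
    return clf


if __name__ == "__main__":
    vocab, X, y = build_feature_matrix(SAMPLE_REPORTS)
    print("features:", vocab)
    try:
        preds = [int(p) for p in train_random_forest(X, y).predict(X)]
    except ImportError:
        # Constructed one-rule baseline used only when scikit-learn is absent.
        col = vocab.index("CreateRemoteThread")
        preds = [1 if row[col] else 0 for row in X]
    print(classification_metrics(*confusion_matrix(y, preds)))
```

Note that with a malware-heavy data set, accuracy can sit below both precision and recall, as in the abstract's figures: the few benign samples that are misclassified barely move precision or recall but count fully against accuracy. Evaluating on the training rows, as the demo does for brevity, overstates every metric; the thesis's numbers should be read as coming from held-out data.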

Item Type: Thesis (Bachelor)
Uncontrolled Keywords: Sandboxes; Malware Analysis; Dynamic Analysis; Data Mining; Classification; Machine Learning; Malware Detection
Subjects: Q Science > Q Science (General) > Q325.5 Machine learning
Q Science > QA Mathematics > QA76 Computer software > QA76.91 Data mining
Q Science > QA Mathematics > QA76 Computer software > QA76.94 Electronic data processing--Auditing
T Technology > T Technology (General) > T58.5 Information technology
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Atroridho Rizky
Date Deposited: 20 Jan 2021 15:01
Last Modified: 20 Jan 2021 15:01
URI: http://repository.sgu.ac.id/id/eprint/1720
