Published Paper Details:

Malware detection is a very important factor in security of internet oriented machines. The combination of different features is used for dynamic malware analysis. The different combinations are generated from APIs, Summary Information, DLL and Registry Keys Changed. Cuckoo sandbox is used for dynamic malware analysis, which is customizable, and provides good accuracy. More than 2300 features are extracted from dynamic analysis of malware and 92 features are extracted statically from binary malware using PEFILE. We used machine learning to discover different types of windows malwares. The dataset used to train the model has static and dynamic analysis of different programs. According to the data every one program was labeled as humanely or malware. There are 6 types of malwares in total: Backdoor, Trojan, Trojan Downloader, Trojan Dropper, Virus, and Worm. Static features are extracting from 39000 hateful binaries and 10000 benign files. Dynamically 800 humanely files and 2200 malware files are analyzed in Cuckoo Sandbox and 2300 features are extracted. The precision of dynamic malware analysis is 94.64% while static analysis precision is 99.36%. The dynamic malware analysis is not effective due to tricky and intelligent behaviors of malwares. The dynamic analysis has some restrictions due to controlled network behavior and it cannot be analyzed completely due to limited access of network.