Malware Detection in Files and URL’s Using Machine Learning

Prof. Balaji Chaugule; Omkar Chavan; Tushar Kokane; Sagar Hyalij; Dnyaneshwar Bhosale

doi:10.32628/IJSRST24112164

Authors

Prof. Balaji Chaugule Department of Information Technology, Zeal College of Engineering and Research Narhe , Pune, Maharashtra, India Author
Omkar Chavan Department of Information Technology, Zeal College of Engineering and Research Narhe , Pune, Maharashtra, India Author
Tushar Kokane Department of Information Technology, Zeal College of Engineering and Research Narhe , Pune, Maharashtra, India Author
Sagar Hyalij Department of Information Technology, Zeal College of Engineering and Research Narhe , Pune, Maharashtra, India Author
Dnyaneshwar Bhosale Department of Information Technology, Zeal College of Engineering and Research Narhe , Pune, Maharashtra, India Author

DOI:

https://doi.org/10.32628/IJSRST24112164

Keywords:

Cyber Attackers, Extrusion, Legitimate, Machine Learning, Malware

Abstract

The rampant extrusion of personal or sensitive data by malicious software has inflicted significant damage worldwide, posing a critical threat to individuals and various sectors of society. Cyber attackers engage in relentless warfare against computer systems, deploying malware to breach crucial data. Consequently, safeguarding this data has become a paramount concern for researchers. This paper aims to address this challenge by proposing the development of an application leveraging machine learning algorithms to discern between malicious and legitimate files effectively. In the contemporary era, marked by pervasive technological advancements, the widespread adoption of the internet has facilitated unprecedented connectivity but also heightened the risk of cyber threats perpetrated by malicious actors. These threats, often executed through the deployment of malware, have inflicted substantial financial losses, amounting to billions of dollars globally. Consequently, safeguarding against malicious attacks has become a paramount endeavor in the ongoing battle against cybercrime. To address this imperative, this paper endeavors to leverage machine learning algorithms to prognosticate the likelihood of malware infections in computer systems, utilizing a supervised learning approach alongside gradient boosting algorithms. Drawing upon a publicly available dataset, meticulously partitioned into training and testing sets, the study embarks on four distinct experiments employing the aforementioned algorithms. Notably, the findings underscore Light GBM as the most efficacious model, boasting an impressive AUC Score of 0.73926, thus signifying a pivotal advancement in fortifying cyber defenses through predictive analytics. Malware poses a significant threat in today's digital landscape, with various forms proliferating over the last decade, leading to substantial financial losses for organizations. Defined as malicious software, malware wreaks havoc on users' computers through various means. To address this challenge, a solution leveraging machine learning techniques has been proposed to detect malware in downloaded files. By analyzing features such as MD5 hash, Optional Header size, and Load Configuration Size, different machine learning algorithms are trained to distinguish between malicious and benign files effectively. Through rigorous training and comparison using Validation and Test datasets, the SVM Classifier emerged as the most accurate, achieving up to 99.99% accuracy in detecting malware types like Adware, Trojan, Backdoors, Unknown, Multidrop, Rbot, Spam, and Ransomware. This approach not only identifies malware but also mitigates potential risks to users' systems, safeguarding against detrimental impacts from infections.

Downloads

Download data is not yet available.

References

The literature comprises various studies and approaches in the field of malware detection and security informatics.

Cisco's Internet Threat Security Report of 2014 highlights the ongoing challenges and threats in cyberspace.

Researchers such as Moskovitch et al. (2008, 2012) have explored novel methods like opcode representation and text categorization for detecting unknown malcode.

Santos et al. (2013) proposed using opcode sequences for data mining-based malware detection. Other works, such as Bilar (2007) and Sekar et al.

(2001), delve into automated methods and anomalous program behavior detection. Nari and Ghorbani (2013) investigated automated malware classification based on network behavior.

Firdausi et al. (2010) and Tian et al. (2010) studied machine learning techniques for behavior-based malware detection. DOI: https://doi.org/10.1109/ACT.2010.33

Rieck et al. (2011) and Park et al. (2010) focused on automatic analysis of malware behavior using machine learning and behavioral graph matching, respectively.

Lee and Mody (2006) examined behavioral classification methods. Additionally, Philip OKane et al. (2013) proposed SVM training phase reduction using dataset feature filtering for malware detection.

VXheavens website served as a resource in this domain. Overall, these diverse approaches contribute to the ongoing efforts in combating cyber threats and enhancing digital security.

The landscape of malware detection and classification has seen significant advancements over the years, as evidenced by a plethora of research efforts.

Santos et al. (2009) proposed utilizing N-grams-based file signatures for malware detection, while Rieck et al. DOI: https://doi.org/10.5220/0001863603170320

(2008) focused on learning and classifying malware behavior. Konstantinou (2008) delved into the analysis and detection of metamorphic viruses, presenting insights in a technical report.

Chan and Lippmann (2006) explored the application of machine learning in computer security, emphasizing its potential.

Kolter and Maloof (2006) contributed to the field by developing techniques for detecting and classifying malicious executables.

Ye et al. (2007) introduced the Intelligent Malware Detection System (IMDS), leveraging intelligence for enhanced detection capabilities.

Chandrasekaran et al. (2007) presented Spycon, a system designed to emulate user activities for evasive spyware detection. Chouchane et al. DOI: https://doi.org/10.1109/PCCC.2007.358933

(2008) proposed using Markov Chains to filter machine-morphed variants of malicious programs, offering a novel approach. Stamp et al.

(2008) explored profile hidden Markov models for metamorphic virus detection, contributing to the evolving methodologies.

Santamarta (2006) focused on generic detection and classification of polymorphic malware, employing neural pattern recognition techniques.

Yoo (2004) explored visualizing Windows executable viruses using self-organizing map DOI: https://doi.org/10.1145/1029208.1029222