Slide 2

Slide 2 text

Contents: high-level outline

➔ Malware detection: what malware detection is, how it is solved technically, and the advances in the field
➔ Deep learning: advanced analytics with deep learning is a great alternative to traditional methods
➔ Architecture and implementations: practically implemented architectures and solution references for solving malware detection

Slide 3

Slide 3 text

Statistical Analysis

● Preparing an isolated environment
● Collecting the necessary tools
● Performing a static analysis
● Dynamic analysis

Slide 4

Slide 4 text

In signature-based malware detection, the identification engine compares the contents of an unidentified piece of code to its database of known malware signatures. If the malware hasn’t been seen before, these methods rely on manually tuned heuristics to generate a handcrafted signature, which is then released as an update. This process is time-consuming, and signatures are sometimes released months after the initial detection. As a result, this detection method can’t keep up with the million new malware variants that are created daily.

Slide 5

Slide 5 text

Heuristic techniques identify malware based on the behavioral characteristics of the code, which has led to behavior-based solutions. This malware detection technique analyzes the malware’s behavior at runtime instead of relying on the characteristics hardcoded in the malware code itself. The main limitation of this method is that it can discover malware only once the malicious actions have begun.

Slide 6

Slide 6 text

Sandbox solutions are a development of the behavior-based detection method. These solutions execute the malware in a virtual (sandbox) environment to determine whether the file is malicious, instead of detecting the behavioral fingerprint at runtime. Although this technique has been shown to be quite effective in its detection accuracy, that accuracy comes at the cost of real-time protection because of the time-consuming process involved. Additionally, newer types of malicious code that evade sandbox detection by stalling their execution in a sandbox environment pose new challenges to this type of malware detection and, consequently, to prevention capabilities.

Slide 7

Slide 7 text

A deep learning architecture based on the stacked AutoEncoders (SAEs) model is implemented for malware detection, with Windows Application Programming Interface (API) calls extracted from Portable Executable (PE) files as its input. The SAEs model uses greedy layerwise training for unsupervised feature learning, followed by supervised fine-tuning of the parameters (e.g., weights and offset vectors).
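The pipeline on this slide, written out as an added example (not code from the slides or from the work they summarize): a binary bag-of-API feature vector built from a PE's API-call list, a stacked autoencoder whose layers are pretrained greedily one at a time on reconstruction error, and a final supervised fine-tuning pass that backpropagates a logistic malicious/benign loss through every layer (weights and offset vectors included). The API vocabulary, the ten labelled call traces, the layer sizes and the learning rates are all constructed for the demo and are not a real corpus or the paper's hyperparameters.

```python
import numpy as np

# Constructed vocabulary of Windows API names used as PE-derived features
# (hypothetical toy vocabulary, not a real malware corpus).
API_VOCAB = ["CreateFileW", "ReadFile", "WriteFile", "RegOpenKeyExW",
             "RegSetValueExW", "VirtualAllocEx", "WriteProcessMemory",
             "CreateRemoteThread", "InternetOpenA", "InternetReadFile",
             "MessageBoxW", "GetSystemTimeAsFileTime"]
API_INDEX = {name: i for i, name in enumerate(API_VOCAB)}


def api_calls_to_vector(calls):
    """Binary bag-of-API vector: 1 where the PE's call list names that API."""
    v = np.zeros(len(API_VOCAB))
    for call in calls:
        if call in API_INDEX:          # APIs outside the vocabulary are ignored
            v[API_INDEX[call]] = 1.0
    return v


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


class AutoEncoderLayer:
    """Tied-weight sigmoid autoencoder: h = s(xW + b), reconstruction r = s(hW^T + c)."""

    def __init__(self, n_in, n_hidden, rng):
        scale = 1.0 / np.sqrt(n_in)
        self.W = rng.uniform(-scale, scale, (n_in, n_hidden))
        self.b = np.zeros(n_hidden)    # encoder offset vector
        self.c = np.zeros(n_in)        # decoder offset vector

    def encode(self, x):
        return sigmoid(x @ self.W + self.b)

    def reconstruction_error(self, X):
        r = sigmoid(self.encode(X) @ self.W.T + self.c)
        return float(np.mean(np.sum((r - X) ** 2, axis=1)))

    def pretrain(self, X, epochs=200, lr=0.5):
        """Greedy unsupervised step: gradient descent on squared reconstruction error."""
        for _ in range(epochs):
            h = self.encode(X)
            r = sigmoid(h @ self.W.T + self.c)
            dr = (r - X) * r * (1.0 - r) / X.shape[0]   # d(loss)/d(decoder pre-activation)
            dh = (dr @ self.W) * h * (1.0 - h)          # back through the tied weights
            gW = dr.T @ h + X.T @ dh                    # decoder path + encoder path
            self.c -= lr * dr.sum(axis=0)
            self.b -= lr * dh.sum(axis=0)
            self.W -= lr * gW


class StackedAutoEncoder:
    """SAE: greedy layerwise pretraining, then supervised fine-tuning of all parameters."""

    def __init__(self, sizes, seed=0):
        rng = np.random.default_rng(seed)
        self.layers = [AutoEncoderLayer(a, b, rng) for a, b in zip(sizes[:-1], sizes[1:])]
        self.V = rng.uniform(-0.1, 0.1, sizes[-1])   # logistic output weights
        self.d = 0.0                                  # logistic output offset

    def pretrain(self, X):
        h = X
        for layer in self.layers:      # each layer is trained on the codes of the one below
            layer.pretrain(h)
            h = layer.encode(h)

    def _forward(self, X):
        acts = [X]
        for layer in self.layers:
            acts.append(layer.encode(acts[-1]))
        return acts, sigmoid(acts[-1] @ self.V + self.d)

    def predict_proba(self, X):
        return self._forward(X)[1]

    def fine_tune(self, X, y, epochs=1000, lr=1.0):
        """Supervised fine-tuning: cross-entropy backprop through every encoder layer."""
        for _ in range(epochs):
            acts, p = self._forward(X)
            delta = (p - y) / X.shape[0]            # d(loss)/d(output pre-activation)
            back = np.outer(delta, self.V)          # gradient w.r.t. the top hidden code
            self.V -= lr * (acts[-1].T @ delta)
            self.d -= lr * float(delta.sum())
            for i in range(len(self.layers) - 1, -1, -1):
                layer, a_in, a_out = self.layers[i], acts[i], acts[i + 1]
                dz = back * a_out * (1.0 - a_out)
                back = dz @ layer.W.T               # propagate before W is updated
                layer.W -= lr * (a_in.T @ dz)
                layer.b -= lr * dz.sum(axis=0)


# Constructed API-call traces with labels (0 = benign, 1 = malicious); toy data only.
SAMPLES = [
    (["CreateFileW", "ReadFile", "WriteFile", "MessageBoxW"], 0),
    (["CreateFileW", "ReadFile", "GetSystemTimeAsFileTime"], 0),
    (["RegOpenKeyExW", "ReadFile", "MessageBoxW"], 0),
    (["CreateFileW", "WriteFile", "GetSystemTimeAsFileTime", "MessageBoxW"], 0),
    (["ReadFile", "WriteFile"], 0),
    (["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "InternetOpenA"], 1),
    (["InternetOpenA", "InternetReadFile", "WriteFile", "VirtualAllocEx", "WriteProcessMemory"], 1),
    (["RegSetValueExW", "CreateRemoteThread", "WriteProcessMemory", "InternetReadFile"], 1),
    (["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "RegSetValueExW"], 1),
    (["InternetOpenA", "InternetReadFile", "CreateRemoteThread", "CreateFileW"], 1),
]


def run_demo(seed=0):
    """Pretrain, fine-tune, and report reconstruction loss and training accuracy."""
    X = np.array([api_calls_to_vector(calls) for calls, _ in SAMPLES])
    y = np.array([label for _, label in SAMPLES], dtype=float)
    sae = StackedAutoEncoder([len(API_VOCAB), 8, 4], seed=seed)   # assumed layer sizes
    loss_before = sae.layers[0].reconstruction_error(X)
    sae.pretrain(X)
    loss_after = sae.layers[0].reconstruction_error(X)
    sae.fine_tune(X, y)
    preds = (sae.predict_proba(X) >= 0.5).astype(float)
    return {"loss_before": loss_before, "loss_after": loss_after,
            "train_accuracy": float(np.mean(preds == y)), "model": sae}


if __name__ == "__main__":
    result = run_demo()
    print(f"layer-1 reconstruction error: {result['loss_before']:.3f} -> {result['loss_after']:.3f}")
    print(f"training accuracy after fine-tuning: {result['train_accuracy']:.2f}")
```

The two-phase structure is the point: `pretrain` never sees a label and only learns to compress the API-call pattern, while `fine_tune` pushes a label-driven gradient back into those same weights and offsets. A real deployment would evaluate on held-out PE files rather than the training traces, since an SAE this small will fit ten constructed samples easily.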

Slide 20

Slide 20 text

Thanks & Good luck!