WCSE 2016
ISBN: 978-981-11-0008-6 DOI: 10.18178/wcse.2016.06.019

Automatic Analysis of Malware Behavior with SVM

Xiang Jing, Biao Qi, Jianguo Jiang, Bin Lv

Abstract— Malicious binaries are prevalent in networked systems; computer viruses, Trojan horses, and Internet worms pose a threat to the security of computer networks. Early malware analysis relied on static methods that use byte-level content to detect malicious binaries; however, polymorphism and obfuscation render static analysis ineffective. Dynamic analysis is better suited than static analysis to recognizing malware, because it monitors malware behaviors, which are essential for identification and hard to conceal. Samples from the same malware family share similar behavioral features, while different families exhibit different characteristics. We propose a method to classify malware into families based on behavior. Our method has two parts: (1) we transform raw malware behavior data into a vector space using the bag-of-words model; (2) we employ a support vector machine (SVM) to classify the malware data into the corresponding families. The results show that the accuracy of the algorithm is over 90%.

Index Terms— dynamic analysis, bag-of-words model, SVM.
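As an added example (not the paper's own code), the two-stage pipeline the abstract describes: behaviour traces are turned into bag-of-words count vectors, then a linear SVM (one model per family, one-vs-rest, trained with Pegasos-style stochastic gradient descent) assigns each trace to a family. The traces, operation tokens and family names are constructed for illustration.

```python
"""Bag-of-words features over dynamic behaviour traces + linear SVM (Pegasos SGD).
Added example, not the paper's code; all samples below are constructed."""
from collections import Counter

# Constructed sandbox-style traces: (observed operations, family label).
TRAIN = [
    (["CreateFile:temp", "RegSetValue:Run", "CreateRemoteThread", "RegSetValue:Run"], "trojan"),
    (["CreateRemoteThread", "RegSetValue:Run", "CreateFile:temp"], "trojan"),
    (["CreateFile:temp", "connect:445", "connect:445", "CopyFile:share"], "worm"),
    (["CopyFile:share", "connect:445"], "worm"),
    (["CreateFile:temp", "CryptEncrypt", "DeleteFile:docs", "CryptEncrypt"], "ransom"),
    (["CryptEncrypt", "DeleteFile:docs", "DeleteFile:docs"], "ransom"),
]

def build_vocab(traces):
    """Map every operation seen in training to a feature index (sorted for determinism)."""
    return {tok: i for i, tok in enumerate(sorted({t for tr in traces for t in tr}))}

def vectorize(trace, vocab):
    """Bag of words: count each known operation, drop unknown ones.
    The trailing constant 1.0 lets the SVM learn a bias term."""
    counts = Counter(t for t in trace if t in vocab)
    return [float(counts[tok]) for tok in vocab] + [1.0]

def train_binary(X, y, lam=0.1, epochs=200):
    """Pegasos SGD for a linear SVM: minimise lam/2*|w|^2 + mean hinge loss."""
    w, t = [0.0] * len(X[0]), 0
    for _ in range(epochs):
        for x, label in zip(X, y):
            t += 1
            eta = 1.0 / (lam * t)
            margin = label * sum(wi * xi for wi, xi in zip(w, x))
            w = [(1 - eta * lam) * wi for wi in w]          # regularisation shrink
            if margin < 1:                                  # hinge-loss violation
                w = [wi + eta * label * xi for wi, xi in zip(w, x)]
    return w

def train_families(samples):
    """One-vs-rest: one SVM per family over the shared vocabulary."""
    vocab = build_vocab([tr for tr, _ in samples])
    X = [vectorize(tr, vocab) for tr, _ in samples]
    models = {}
    for family in sorted({fam for _, fam in samples}):
        models[family] = train_binary(X, [1.0 if f == family else -1.0 for _, f in samples])
    return vocab, models

def predict(trace, vocab, models):
    """Return the family whose SVM scores the trace highest."""
    x = vectorize(trace, vocab)
    return max(models, key=lambda fam: sum(wi * xi for wi, xi in zip(models[fam], x)))

def accuracy(samples, vocab, models):
    return sum(predict(tr, vocab, models) == fam for tr, fam in samples) / len(samples)
```

Real reports would tokenise API names together with argument classes (as the constructed tokens do), and the vocabulary must be built from training data only so that unseen operations at test time are dropped rather than silently widening the feature space.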

Xiang Jing, Biao Qi, Jianguo Jiang, Bin Lv
Institute of Information Engineering, Chinese Academy of Sciences, CHINA

Cite: Xiang Jing, Biao Qi, Jianguo Jiang, Bin Lv, "Automatic Analysis of Malware Behavior with SVM," Proceedings of 2016 6th International Workshop on Computer Science and Engineering, pp. 110-114, Tokyo, 17-19 June, 2016.