ISBN: 978-981-11-0008-6 DOI: 10.18178/wcse.2016.06.019
Automatic Analysis of Malware Behavior with SVM
Abstract— Malicious binaries such as computer viruses, Trojan horses and Internet worms are prevalent in
networked systems and pose a serious threat to the security of computer networks. Early malware analysis
relied on static methods that detect malware binaries from their byte-level content; however, polymorphism
and obfuscation render static analysis methods ineffective. Dynamic analysis, which monitors malware
behavior, is better suited to recognizing malware, since behavior is both essential to identification and
difficult to conceal. Samples within one malware family share similar behavioral features, while different
families exhibit different characteristics. We propose a method to classify malware into families based on
behavior. Our method has two parts: (1) we transform raw malware data into a vector space using the
bag-of-words model; (2) we employ a support vector machine (SVM) to classify the malware data into the
corresponding families. Results show that the accuracy of the algorithm exceeds 90%.
Index Terms— dynamic analysis, bag-of-words model, SVM.
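The two-stage pipeline the abstract describes (bag-of-words vectors built from behaviour reports, then an SVM that assigns each vector to a family), as an added illustration that is not the authors' code: the sandbox reports, family labels and API-call names below are constructed, and the SVM is a from-scratch linear Pegasos trainer rather than whatever implementation the paper used.

```python
from collections import Counter

# Constructed sandbox behaviour reports (assumed, not from the paper): each is
# the sequence of API calls logged for one sample, with its family label.
TRAIN = [
    (["CreateFile", "ReadFile", "CryptEncrypt", "WriteFile", "DeleteFile"], "ransom"),
    (["socket", "connect", "send", "recv", "CreateProcess"], "worm"),
    (["CreateFile", "CryptEncrypt", "WriteFile", "RegSetValue", "DeleteFile"], "ransom"),
    (["socket", "connect", "send", "RegSetValue", "CreateProcess"], "worm"),
    (["RegSetValue", "CreateFile", "ReadFile", "CryptEncrypt", "WriteFile"], "ransom"),
    (["RegSetValue", "socket", "send", "recv", "connect"], "worm"),
]
LABEL = {"ransom": 1, "worm": -1}  # a binary SVM learns +1 / -1 targets


def build_vocab(reports):
    """Every distinct API name seen in training becomes one vector dimension."""
    return sorted({call for calls, _ in reports for call in calls})


def bag_of_words(calls, vocab):
    """Bag-of-words: count each vocabulary term; call order and unseen terms are dropped."""
    counts = Counter(calls)
    return [float(counts[term]) for term in vocab]


def train_linear_svm(X, y, lam=0.01, epochs=100):
    """Linear SVM trained with Pegasos: SGD on the L2-regularised hinge loss.
    A constant 1.0 feature is appended so the bias is learned with the weights."""
    w = [0.0] * (len(X[0]) + 1)
    t = 0
    for _ in range(epochs):
        for x, yi in zip(X, y):
            t += 1
            eta = 1.0 / (lam * t)
            xb = x + [1.0]
            margin = yi * sum(wi * xi for wi, xi in zip(w, xb))
            w = [(1.0 - eta * lam) * wi for wi in w]        # regulariser shrinks w
            if margin < 1.0:                                 # hinge loss is active
                w = [wi + eta * yi * xi for wi, xi in zip(w, xb)]
    return w


def classify(calls, w, vocab):
    """Map a new behaviour report to the family on its side of the hyperplane."""
    xb = bag_of_words(calls, vocab) + [1.0]
    score = sum(wi * xi for wi, xi in zip(w, xb))
    return "ransom" if score >= 0 else "worm"


VOCAB = build_vocab(TRAIN)
WEIGHTS = train_linear_svm([bag_of_words(c, VOCAB) for c, _ in TRAIN],
                           [LABEL[f] for _, f in TRAIN])
```

Multi-class family labelling as in the paper is the same machinery applied one-versus-rest, one weight vector per family, with the highest score winning.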
Xiang Jing, Biao Qi, Jianguo Jiang, Bin Lv
Institute of Information Engineering, Chinese Academy of Sciences, CHINA
Cite: Xiang Jing, Biao Qi, Jianguo Jiang, Bin Lv, "Automatic Analysis of Malware Behavior with SVM," Proceedings of 2016 6th International Workshop on Computer Science and Engineering, pp. 110-114, Tokyo, 17-19 June, 2016.