Abstract image of a woman sitting on books and studying on a laptop

Machine Learning for Malware Detection: Beyond Accuracy Rates

Marcus Botacin, profile picture
Marcus Botacin

The document discusses the methodology and evaluation of machine learning techniques for malware detection, emphasizing the importance of feature extraction for improved accuracy rates. It presents findings that dynamic features outperform static features and highlights the influence of dataset characteristics on machine learning models. The conclusion reiterates the need for effective feature analysis and provides insights into future directions for research in this area.

Technology
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Motivation Methodology Evaluation Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates Lucas Galante, Marcus Botacin, Andr´e Gr´egio, Paulo L´ıcio de Geus SBSEG 2019 Machine Learning for Malware Detection: Beyond Accuracy Rates 1 / 17
Motivation Methodology Evaluation Conclusion Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 2 / 17
Motivation Methodology Evaluation Conclusion Motivation Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 3 / 17
Motivation Methodology Evaluation Conclusion Motivation Malware Increase Figure: Increase of 46% in malware activity in Q2 of 2019. https://tinyurl.com/y6qzn83h Machine Learning for Malware Detection: Beyond Accuracy Rates 4 / 17
Motivation Methodology Evaluation Conclusion Motivation Malware Classification Figure: Necessity of antimalware applications. https://tinyurl.com/y2bz5k58 Machine Learning for Malware Detection: Beyond Accuracy Rates 5 / 17
Motivation Methodology Evaluation Conclusion Malware Classifier Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 6 / 17
Motivation Methodology Evaluation Conclusion Malware Classifier Extracted Features Table: Malware Features classified according extraction method (static and dynamic) and representation (discrete or continuous). Static Dynamic Discrete Continuous Both Embedded files Dissasembly fail Size sections # headers fork syscall /proc access /home string ptrace syscall /home string # .dynamic ptrace syscall /home access /sys string Network strings /sys string # sections socket syscall passwd access Linkage Header present passwd string # symbols mmap syscal permission denied UPX passwd string # libs # relocations SIGTERM fork syscall compiler string Size sample # debug section SIGSEGV Machine Learning for Malware Detection: Beyond Accuracy Rates 7 / 17
Motivation Methodology Evaluation Conclusion Malware Classifier Classification Overview Figure: Overview of classification process. Machine Learning for Malware Detection: Beyond Accuracy Rates 8 / 17
Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 9 / 17
Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates Importance of a Good Feature Extraction Procedure SVM classification of static continuous features. Kernel/Iter(#) 1000 10000 100000 Poly 49.32% 49.74% 49.95% Linear 73.87% 77.64% 80.94% rbf 84.92% 84.92% 84.92% SVM classification of dynamic continuous features. Kernel/ Iter (#) 1000 10000 100000 Poly 49.92% 49.76% 50.71% Linear 93.73% 86.51% 86.73% rbf 92.63% 92.63% 92.63% Machine Learning for Malware Detection: Beyond Accuracy Rates 10 / 17
Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates Importance of Evaluated Datasets Mixed dataset. Random Forest classification of static continuous features. Max Depth/ Estimators (#) 16 32 64 8 99.17% 99.06% 99.20% 16 99.13% 99.06% 99.09% 32 99.09% 99.13% 99.17% VirusTotal dataset. Random Forest classification of static continuous features. Max Depth/ Estimators (#) 16 32 64 8 94.29% 94.35% 94.24% 16 94.24% 94.14% 94.08% 32 94.08% 94.14% 94.19% Machine Learning for Malware Detection: Beyond Accuracy Rates 11 / 17
Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates Analyst Importance SVM classification of dynamic continuous features. Kernel/ Iter (#) 1000 10000 100000 Poly 50.91% 54.05% 58.16% Linear 97.97% 97.56% 80.35% rbf 98.54% 98.54% 98.54% SVM classification of dynamic discrete features. Kernel/ Iter (#) 1000 10000 100000 Poly 79.68% 79.91% 79.91% Linear 96.48% 96.48% 96.48% rbf 96.35% 96.35% 96.35% Machine Learning for Malware Detection: Beyond Accuracy Rates 12 / 17
Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates What ML results teach us Static feature importance Static Discrete Continuous Network strings 40% Binary size 27% UPX present 17% # headers 16.70% passwd strings 1.40% # debug sections 0.20% Dynamic feature importance Dynamic Discrete Continuous mmap 50% # mmap 68% fork 6% # fork 10.80% SIGSEGV 10.60% # SIGSEGV 1.30% Machine Learning for Malware Detection: Beyond Accuracy Rates 13 / 17
Motivation Methodology Evaluation Conclusion Conclusion Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 14 / 17
Motivation Methodology Evaluation Conclusion Conclusion Conclusion Our results show that: Dynamic features outperforms static features Discrete features present smaller accuracy variance Dataset’s distinct characteristics impose challenges to ML models Feature analysis can be used as feedback information Machine Learning for Malware Detection: Beyond Accuracy Rates 15 / 17
Motivation Methodology Evaluation Conclusion Conclusion Acknowledgement This work is supported by: Brazilian National Counsel of Technological and Scientific Development CESeg assistance Machine Learning for Malware Detection: Beyond Accuracy Rates 16 / 17
Motivation Methodology Evaluation Conclusion Conclusion Questions, Critics and Suggestions. Contact galante@lasca.ic.unicamp.br Complete version https://github.com/marcusbotacin/ELF.Classifier Previous work https://github.com/marcusbotacin/Linux.Malware Reverse Engineering Workshop Thursday @ 13:30 Machine Learning for Malware Detection: Beyond Accuracy Rates 17 / 17

More Related Content

PPT
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMS
AAKANKSHA JAIN
 
PDF
IRJET - Survey on Malware Detection using Deep Learning Methods
IRJET Journal
 
PDF
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
IJCSIS Research Publications
 
PDF
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET Journal
 
PDF
A Tale of Experiments on Bug Prediction
Martin Pinzger
 
PDF
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
PDF
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
PDF
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMS
AAKANKSHA JAIN
 
IRJET - Survey on Malware Detection using Deep Learning Methods
IRJET Journal
 
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
IJCSIS Research Publications
 
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET Journal
 
A Tale of Experiments on Bug Prediction
Martin Pinzger
 
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 

Similar to Machine Learning for Malware Detection: Beyond Accuracy Rates (20)

PPTX
IMPLEMENTATION OF MACHINE LEARNING IN E-COMMERCE & BEYOND
Rabi Das
 
PPTX
MALWARE DETECTION A FRAMEWORK FOR REVERSE ENGINEERED ANDROID APPLICATIONS_.pptx
MogilicharlaPavanKal
 
PDF
Improved Detection and Diagnosis of Faults in Deep Neural Networks Using Hier...
Masud Rahman
 
PDF
BH-US-06-Bilar.pdf
MohammadRazavi17
 
PDF
A survey of fault prediction using machine learning algorithms
Ahmed Magdy Ezzeldin, MSc.
 
PPTX
Malware Detection Using Data Mining Techniques
Akash Karwande
 
PDF
Malicious Linux binaries: A Landscape
Marcus Botacin
 
PPTX
Measuring the Code Quality Using Software Metrics
Geetha Anjali
 
DOCX
Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...
Shakas Technologies
 
PPTX
Antimalware
Mayank Chaudhari
 
PDF
Near-memory & In-Memory Detection of Fileless Malware
Marcus Botacin
 
PDF
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
IRJET Journal
 
PPTX
Malware Detection Using Machine Learning Techniques
ArshadRaja786
 
PPTX
Pindroid - Android Malware Detection Tool
Akhil Goyal
 
PDF
Criminal Identification using Arm7
IRJET Journal
 
PPTX
Injection Attack detection using ML for
Khazane Hassan
 
DOCX
Network intrusion detection using supervised machine learning technique with ...
CloudTechnologies
 
PDF
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET Journal
 
PDF
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
IJNSA Journal
 
PDF
Local Descriptor based Face Recognition System
IRJET Journal
 
IMPLEMENTATION OF MACHINE LEARNING IN E-COMMERCE & BEYOND
Rabi Das
 
MALWARE DETECTION A FRAMEWORK FOR REVERSE ENGINEERED ANDROID APPLICATIONS_.pptx
MogilicharlaPavanKal
 
Improved Detection and Diagnosis of Faults in Deep Neural Networks Using Hier...
Masud Rahman
 
BH-US-06-Bilar.pdf
MohammadRazavi17
 
A survey of fault prediction using machine learning algorithms
Ahmed Magdy Ezzeldin, MSc.
 
Malware Detection Using Data Mining Techniques
Akash Karwande
 
Malicious Linux binaries: A Landscape
Marcus Botacin
 
Measuring the Code Quality Using Software Metrics
Geetha Anjali
 
Automated Android Malware Detection Using Optimal Ensemble Learning Approach ...
Shakas Technologies
 
Antimalware
Mayank Chaudhari
 
Near-memory & In-Memory Detection of Fileless Malware
Marcus Botacin
 
PROVIDING CYBER SECURITY SOLUTION FOR MALWARE DETECTION USING SUPPORT VECTOR ...
IRJET Journal
 
Malware Detection Using Machine Learning Techniques
ArshadRaja786
 
Pindroid - Android Malware Detection Tool
Akhil Goyal
 
Criminal Identification using Arm7
IRJET Journal
 
Injection Attack detection using ML for
Khazane Hassan
 
Network intrusion detection using supervised machine learning technique with ...
CloudTechnologies
 
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET Journal
 
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...
IJNSA Journal
 
Local Descriptor based Face Recognition System
IRJET Journal
 
Ad

More from Marcus Botacin (20)

PDF
Cross-Regional Malware Detection via Model Distilling and Federated Learning
Marcus Botacin
 
PDF
What do malware analysts want from academia? A survey on the state-of-the-pra...
Marcus Botacin
 
PDF
GPThreats: Fully-automated AI-generated malware and its security risks
Marcus Botacin
 
PDF
[Texas A&M University] Research @ Botacin's Lab
Marcus Botacin
 
PDF
Pilares da Segurança e Chaves criptográficas
Marcus Botacin
 
PDF
Machine Learning by Examples - Marcus Botacin - TAMU 2024
Marcus Botacin
 
PDF
Near-memory & In-Memory Detection of Fileless Malware
Marcus Botacin
 
PDF
GPThreats-3: Is Automated Malware Generation a Threat?
Marcus Botacin
 
PDF
[HackInTheBOx] All You Always Wanted to Know About Antiviruses
Marcus Botacin
 
PDF
[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!
Marcus Botacin
 
PDF
Hardware-accelerated security monitoring
Marcus Botacin
 
PDF
How do we detect malware? A step-by-step guide
Marcus Botacin
 
PDF
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Marcus Botacin
 
PDF
Extraindo Caracterı́sticas de Arquivos Binários Executáveis
Marcus Botacin
 
PDF
On the Malware Detection Problem: Challenges & Novel Approaches
Marcus Botacin
 
PDF
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
Marcus Botacin
 
PDF
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Marcus Botacin
 
PDF
Integridade, confidencialidade, disponibilidade, ransomware
Marcus Botacin
 
PDF
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
Marcus Botacin
 
PDF
On the Security of Application Installers & Online Software Repositories
Marcus Botacin
 
Cross-Regional Malware Detection via Model Distilling and Federated Learning
Marcus Botacin
 
What do malware analysts want from academia? A survey on the state-of-the-pra...
Marcus Botacin
 
GPThreats: Fully-automated AI-generated malware and its security risks
Marcus Botacin
 
[Texas A&M University] Research @ Botacin's Lab
Marcus Botacin
 
Pilares da Segurança e Chaves criptográficas
Marcus Botacin
 
Machine Learning by Examples - Marcus Botacin - TAMU 2024
Marcus Botacin
 
Near-memory & In-Memory Detection of Fileless Malware
Marcus Botacin
 
GPThreats-3: Is Automated Malware Generation a Threat?
Marcus Botacin
 
[HackInTheBOx] All You Always Wanted to Know About Antiviruses
Marcus Botacin
 
[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!
Marcus Botacin
 
Hardware-accelerated security monitoring
Marcus Botacin
 
How do we detect malware? A step-by-step guide
Marcus Botacin
 
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Marcus Botacin
 
Extraindo Caracterı́sticas de Arquivos Binários Executáveis
Marcus Botacin
 
On the Malware Detection Problem: Challenges & Novel Approaches
Marcus Botacin
 
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
Marcus Botacin
 
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Marcus Botacin
 
Integridade, confidencialidade, disponibilidade, ransomware
Marcus Botacin
 
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
Marcus Botacin
 
On the Security of Application Installers & Online Software Repositories
Marcus Botacin
 
Ad

Recently uploaded (20)

PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
Modernising the Digital Integration Hub
Daniel Toomey
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Five Habits of High-Impact Board Members
OnBoard
 

Machine Learning for Malware Detection: Beyond Accuracy Rates

  • 1. Motivation Methodology Evaluation Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates Lucas Galante, Marcus Botacin, Andr´e Gr´egio, Paulo L´ıcio de Geus SBSEG 2019 Machine Learning for Malware Detection: Beyond Accuracy Rates 1 / 17
  • 2. Motivation Methodology Evaluation Conclusion Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 2 / 17
  • 3. Motivation Methodology Evaluation Conclusion Motivation Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 3 / 17
  • 4. Motivation Methodology Evaluation Conclusion Motivation Malware Increase Figure: Increase of 46% in malware activity in Q2 of 2019. https://tinyurl.com/y6qzn83h Machine Learning for Malware Detection: Beyond Accuracy Rates 4 / 17
  • 5. Motivation Methodology Evaluation Conclusion Motivation Malware Classification Figure: Necessity of antimalware applications. https://tinyurl.com/y2bz5k58 Machine Learning for Malware Detection: Beyond Accuracy Rates 5 / 17
  • 6. Motivation Methodology Evaluation Conclusion Malware Classifier Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 6 / 17
  • 7. Motivation Methodology Evaluation Conclusion Malware Classifier Extracted Features Table: Malware Features classified according extraction method (static and dynamic) and representation (discrete or continuous). Static Dynamic Discrete Continuous Both Embedded files Dissasembly fail Size sections # headers fork syscall /proc access /home string ptrace syscall /home string # .dynamic ptrace syscall /home access /sys string Network strings /sys string # sections socket syscall passwd access Linkage Header present passwd string # symbols mmap syscal permission denied UPX passwd string # libs # relocations SIGTERM fork syscall compiler string Size sample # debug section SIGSEGV Machine Learning for Malware Detection: Beyond Accuracy Rates 7 / 17
  • 8. Motivation Methodology Evaluation Conclusion Malware Classifier Classification Overview Figure: Overview of classification process. Machine Learning for Malware Detection: Beyond Accuracy Rates 8 / 17
  • 9. Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 9 / 17
  • 10. Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates Importance of a Good Feature Extraction Procedure SVM classification of static continuous features. Kernel/Iter(#) 1000 10000 100000 Poly 49.32% 49.74% 49.95% Linear 73.87% 77.64% 80.94% rbf 84.92% 84.92% 84.92% SVM classification of dynamic continuous features. Kernel/ Iter (#) 1000 10000 100000 Poly 49.92% 49.76% 50.71% Linear 93.73% 86.51% 86.73% rbf 92.63% 92.63% 92.63% Machine Learning for Malware Detection: Beyond Accuracy Rates 10 / 17
  • 11. Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates Importance of Evaluated Datasets Mixed dataset. Random Forest classification of static continuous features. Max Depth/ Estimators (#) 16 32 64 8 99.17% 99.06% 99.20% 16 99.13% 99.06% 99.09% 32 99.09% 99.13% 99.17% VirusTotal dataset. Random Forest classification of static continuous features. Max Depth/ Estimators (#) 16 32 64 8 94.29% 94.35% 94.24% 16 94.24% 94.14% 94.08% 32 94.08% 94.14% 94.19% Machine Learning for Malware Detection: Beyond Accuracy Rates 11 / 17
  • 12. Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates Analyst Importance SVM classification of dynamic continuous features. Kernel/ Iter (#) 1000 10000 100000 Poly 50.91% 54.05% 58.16% Linear 97.97% 97.56% 80.35% rbf 98.54% 98.54% 98.54% SVM classification of dynamic discrete features. Kernel/ Iter (#) 1000 10000 100000 Poly 79.68% 79.91% 79.91% Linear 96.48% 96.48% 96.48% rbf 96.35% 96.35% 96.35% Machine Learning for Malware Detection: Beyond Accuracy Rates 12 / 17
  • 13. Motivation Methodology Evaluation Conclusion Beyond Accuracy Rates What ML results teach us Static feature importance Static Discrete Continuous Network strings 40% Binary size 27% UPX present 17% # headers 16.70% passwd strings 1.40% # debug sections 0.20% Dynamic feature importance Dynamic Discrete Continuous mmap 50% # mmap 68% fork 6% # fork 10.80% SIGSEGV 10.60% # SIGSEGV 1.30% Machine Learning for Malware Detection: Beyond Accuracy Rates 13 / 17
  • 14. Motivation Methodology Evaluation Conclusion Conclusion Agenda 1 Motivation Motivation 2 Methodology Malware Classifier 3 Evaluation Beyond Accuracy Rates 4 Conclusion Conclusion Machine Learning for Malware Detection: Beyond Accuracy Rates 14 / 17
  • 15. Motivation Methodology Evaluation Conclusion Conclusion Conclusion Our results show that: Dynamic features outperforms static features Discrete features present smaller accuracy variance Dataset’s distinct characteristics impose challenges to ML models Feature analysis can be used as feedback information Machine Learning for Malware Detection: Beyond Accuracy Rates 15 / 17
  • 16. Motivation Methodology Evaluation Conclusion Conclusion Acknowledgement This work is supported by: Brazilian National Counsel of Technological and Scientific Development CESeg assistance Machine Learning for Malware Detection: Beyond Accuracy Rates 16 / 17
  • 17. Motivation Methodology Evaluation Conclusion Conclusion Questions, Critics and Suggestions. Contact galante@lasca.ic.unicamp.br Complete version https://github.com/marcusbotacin/ELF.Classifier Previous work https://github.com/marcusbotacin/Linux.Malware Reverse Engineering Workshop Thursday @ 13:30 Machine Learning for Malware Detection: Beyond Accuracy Rates 17 / 17