Malware Classification using Static Analysis Approaches

Keywords

Malware
Opcodes
Static Analysis
Unigram Analysis
Multiclass Classifier

How to Cite

Dhungana, Dikshyant, Ashish Sapkota, Sabigya Pokharel, Sudarshan Devkota, and Bishnu Hari Paudel. 2025. “Malware Classification Using Static Analysis Approaches”. Journal of Artificial Intelligence and Capsule Networks 6 (4): 494-511. https://doi.org/10.36548/jaicn.2024.4.008.

Abstract

Malware threats are becoming increasingly complex, posing greater challenges to effective mitigation. Addressing malware has become more essential than ever, as it poses significant threats to individuals, organizations, and governments worldwide. Effective and more advanced malware classification techniques are therefore necessary. This study presents an advanced approach to malware classification using static analysis, which examines files without executing them. A structured framework was developed for systematic classification, which involves gathering raw malware samples from various sources. The raw samples were deconstructed, and information such as opcode frequency and section size was collected. Experiments were carried out to assess the effectiveness of several classifiers in terms of accuracy, precision, recall, and F1 score across distinct malware classes. Random Forest emerged as the best model on the examined dataset, with an accuracy of over 85.0%. These results demonstrate the effectiveness of Random Forest on the extracted datasets. The research focuses on malware detection and classification, thereby enhancing cybersecurity in modern computing environments.
