The Pipeline Process of Signature-based and Behavior-based Malware Detection
Manish Goyal Research Scholar, Raman Kumar
Abstract
There is a mushroom growth of malware which has caused a serious threat towards computer software and the internet. The number of malware is increasing with each passing day. There are two methods to deal with malware detection namely signature-based malware detection and behavior-based malware detection. Both methods have their advantages and disadvantages. In this paper, the pipeline process of both signature-based malware detection and behavior-based malware detection is explained. This will help researchers to understand these techniques in a detailed manner. In addition to this, an experiment is performed in which a dataset of 1494 malware and 1347 benign samples is collected. Then two kinds of features are extracted from these samples one is string feature for static analysis and one is nonrepetitive consecutive API calls for dynamic analysis. Then accuracy is calculated by using various machine learning classifiers like k-Nearest Neighbors, Gaussian Naive Bayes, Multi Naive Bayes, Decision Tree, Support Vector Machine and Random Forest.