CRLG, Dec 5, 2021

Using Static and Dynamic Malware features to perform Malware Ascription

arXiv:2112.02639v1 (7 citations)

Originality: Synthesis-oriented

AI Analysis

The paper addresses the problem of malware attribution for cybersecurity professionals, but it appears incremental, as it applies existing methods to new data.

The paper tackles malware ascription by using static and dynamic features extracted from malicious executables to classify malware by family, applying machine learning algorithms such as Multinomial Naive Bayes, Support Vector Machine, and Bagging with Decision Trees, though no concrete performance numbers are provided.

Malware ascription is a relatively unexplored area, and it is rather difficult to attribute malware and detect authorship. In this paper, we employ various static and dynamic features of malicious executables to classify malware based on their family. We leverage Cuckoo Sandbox and machine learning to make progress in this research. After analysis, classification is performed using various deep learning and machine learning algorithms. Using the features gathered from VirusTotal (static) and Cuckoo (dynamic) reports, we ran the vectorized data against Multinomial Naive Bayes, Support Vector Machine, and Bagging using Decision Trees as the base estimator. For each classifier, we tuned the hyper-parameters using exhaustive search methods. Our reports can be extremely useful in malware ascription.
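A constructed, toy version of the pipeline the abstract describes, added here as an example and not code from the paper: bag-of-features vectors built from Cuckoo-style dynamic report summaries, a Multinomial Naive Bayes classifier, and an exhaustive search over its smoothing hyper-parameter scored on a held-out split. The report contents, API names and family labels are made-up assumptions, and the classifier is written from scratch rather than taken from a library.

```python
import math
from collections import Counter, defaultdict

# Constructed, minimal Cuckoo-style behaviour summaries (not real samples), each labelled with a hypothetical family.
REPORTS = [
    ({"api": ["CryptEncrypt", "WriteFile", "DeleteFileW"], "dll": ["advapi32.dll"]}, "ransom"),
    ({"api": ["CryptGenKey", "CryptEncrypt", "MoveFileW"], "dll": ["advapi32.dll"]}, "ransom"),
    ({"api": ["CryptEncrypt", "FindFirstFileW", "WriteFile"], "dll": ["advapi32.dll", "kernel32.dll"]}, "ransom"),
    ({"api": ["InternetOpenA", "HttpSendRequestA", "RegSetValueExA"], "dll": ["wininet.dll"]}, "downloader"),
    ({"api": ["URLDownloadToFileA", "WinExec", "RegSetValueExA"], "dll": ["urlmon.dll"]}, "downloader"),
    ({"api": ["InternetOpenA", "InternetReadFile", "WinExec"], "dll": ["wininet.dll", "kernel32.dll"]}, "downloader"),
]

def vectorize(report):
    """Bag-of-features: every API call and loaded DLL in the report becomes a counted token."""
    tokens = [f"api:{a}" for a in report.get("api", [])]
    tokens += [f"dll:{d}" for d in report.get("dll", [])]
    return Counter(tokens)

def train_mnb(samples, alpha):
    """Multinomial Naive Bayes; alpha is the additive-smoothing hyper-parameter to tune."""
    vocab, counts, docs = set(), defaultdict(Counter), Counter()
    for vec, label in samples:
        vocab.update(vec)
        counts[label].update(vec)
        docs[label] += 1
    model = {"vocab": vocab, "prior": {}, "loglik": {}}
    for label, c in counts.items():
        total = sum(c.values()) + alpha * len(vocab)
        model["prior"][label] = math.log(docs[label] / len(samples))
        model["loglik"][label] = {t: math.log((c[t] + alpha) / total) for t in vocab}
    return model

def predict(model, vec):
    """Family with the highest posterior; tokens outside the training vocabulary are ignored."""
    def score(label):
        ll = model["loglik"][label]
        return model["prior"][label] + sum(n * ll[t] for t, n in vec.items() if t in ll)
    return max(model["prior"], key=score)

def grid_search(train, held_out, alphas):
    """Exhaustive search over alpha, scored by accuracy on a held-out split (first best wins ties)."""
    acc = {}
    for a in alphas:
        m = train_mnb(train, a)
        acc[a] = sum(predict(m, v) == y for v, y in held_out) / len(held_out)
    return max(acc, key=acc.get), acc

if __name__ == "__main__":
    data = [(vectorize(r), y) for r, y in REPORTS]
    print(grid_search(data[0:2] + data[3:5], [data[2], data[5]], [0.01, 0.1, 0.5, 1.0]))
```

On real data the held-out split would be drawn from a separate set of samples per family so that the tuned alpha is not fitted to the training reports.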
