Downloaded 285 times
More Related Content
Similar to Malware Detection using Machine Learning
![[ppt]](https://cdn.slidesharecdn.com/ss_thumbnails/ppt2931-thumbnail.jpg?width=640&height=640&fit=bounds)
![[ppt]](https://cdn.slidesharecdn.com/ss_thumbnails/ppt3441-thumbnail.jpg?width=640&height=640&fit=bounds)
More from Cysinfo Cyber Security Community
![Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]](https://cdn.slidesharecdn.com/ss_thumbnails/agenticcommunityseries-day3-cfd-251120170304-ddef8112-thumbnail.jpg?width=640&height=640&fit=bounds)
Malware Detection using Machine Learning
- 1.
- 2. ABOUT PRESENTER • Workedas security researcher for Symantec,Mcafee,Cyphort • Experience in reverse engineering ,malware analysis and detection • Worked on antivirus engines,and sandbox engines
- 3. DISCALIMER I have usedsome contents from the following sites Reference: • analyticsvidhya.com • datadrivensecurity.info • home.agh.edu.pl • neuralnetworksanddeeplearning.com • http://www.astroml.org • Youtube • Google images
- 4. Malware Detection inAntivirus: How Antiviruses detect malware? • Traditional AV's pattern matching on static files • Partially decrypt using techniques like emulation How Malwares evade antivirus? • use polymorphic packers which evades static pattern matching Why Machine Learning? • Too many types of malware bots,virus • Based on target stealers,POS malwares,banking • Too much data for human to process
- 5. MACHINE LEARNING INTRO •Some prerequisites: statistics,calculus,vectors,algebra • Problems solved: classification /regression • Types: supervised,semi- supervised,unsupervised • What is our problem? Classification
- 6. Supervised Learning: • Whatis it? • Steps: – Feature Selection – Training(provide Labelled Data) – Prediction
- 7. FEATURE SELECTION • Howfeatures are selected in Classification? • Some property with which you can distinguish two classes is A Feature • Feature can be represented as Vector,Boolean etc • Apple Vs Orange Class: – Feature: colour,weight,shape – Label: apple,guava
- 9. MODEL SELECTION Models forsupervised Learning: •K-Nearest Neighbours(KNN)-classification •K-Means clustering •SVM •Decision Tree •Random Forest •Naive Bayes Algorithm
- 10. K-Nearest Neighbours(KNN) • Supervisedlearning • Classification Algorithm • Similarity to neighbours-(Eucledian,Manhattan,Minkowski) • Euclidean distance • A circle around the point to be classified that contains k points
- 11. K-Means • Unsupervised learning •Clustering algorithm • Given some data we cluster the data to K groups • In each iteration the mean value of the cluster is updated • Centre calculated using Eucledian distance • ref video:https://www.youtube.com/watch? v=aiJ8II94qck
- 17. Support Vector Machines •Classifier • What are support vectors • Linearly separating Hyperplane • Margins with max separation
- 18. Support Vector Machines •ref:http://www.saedsayad.com/support_vector_machine.htm • videos: • https://www.youtube.com/watch?v=1NxnPkZM9bc • https://www.youtube.com/watch?v=5zRmhOUjjGY
- 19.
- 20. Random Forest • Ensemblelearning method • Uses output of multiple decision trees Ref:https://citizennet.com/blog/2012/11/10/random-forests-ensembles-and-performance-metrics/
- 21. Features for Malware Detection •Static: – Size – Signed/unsigned – Icon-exe file without icons – entropy • Behaviour: – Process executed from %appdata% and %temp% – Dropped file has random name eg xszsde.exe – Process creating run entries – Code injection
- 22. Training Sets formalware
- 23. Some application forMalware Traffic Detection • DGA algorithm detection • DGA: what is DGA? • Features: – N-Grams – Entropy – Dictionary – Reference:http://datadrivensecurity.info
- 24. ADVANCED TOPICS • NEURALNETWORKS • DEEP NEURAL NETWORKS
- 25. PYTHON LIBRARIES • Scikit-Learn •Numpy • Pandas