An Integrated Approach to Malware Identification Based on Dynamic Analysis and Deep Learning
DOI: 10.21293/1818-0442-2025-28-1-108-113
Abstract: The article presents a new approach to malware identification, based on integrating program behavior analysis methods with modern machine learning algorithms. The process includes program disassembly, control flow graph construction, detection of behavioral patterns in an isolated environment, metainformation extraction, and classification of the program into 3 classes. The algorithmic basis of the developed approach is an ensemble of graph and hybrid neural networks. The graph network analyzes the control flow graph, while the hybrid network analyzes static and dynamic features produced by Cuckoo Sandbox, as well as assembly code obtained through reverse engineering. The approach based on this ensemble demonstrates an accuracy of 0.88 when classifying code into legitimate, malicious and APT malware, and 0.94 when classifying it into legitimate and malicious.
Keywords: virus, dynamic analysis, static analysis, APT, malware
For citation:
Kurtukova A. V. An Integrated Approach to Malware Identification Based on Dynamic Analysis and Deep Learning. Doklady Tomskogo gosudarstvennogo universiteta sistem upravleniya i radioelektroniki, 2025, vol. 28, no. 1, pp. 108–113. DOI: 10.21293/1818-0442-2025-28-1-108-113
Executive Secretary of the Editor’s Office
Editor’s Office: 40 Lenina Prospect, Tomsk, 634050, Russia
Phone / Fax: + 7 (3822) 701-582
Viktor N. Maslennikov
Executive Secretary of the Editor’s Office
Editor’s Office: 40 Lenina Prospect, Tomsk, 634050, Russia
Phone / Fax: + 7 (3822) 51-21-21 / 51-43-02