An Integrated Approach to Malware Identification Based on Dynamic Analysis and Deep Learning
Authors: Kurtukova A. V.
Annotation: The article presents a new approach to malware identification, based on the idea of integrating program behavior analysis methods with modern machine learning algorithms. The process includes program disassembly, control flow graph construction, detection of behavioral patterns in an isolated environment, metainformation extraction and classification of the program into 3 classes. The algorithmic basis of the developed approach is an ensemble of a graph neural network and a hybrid neural network. The graph network analyzes the control flow graph, while the hybrid network analyzes the static and dynamic features reported by Cuckoo Sandbox, as well as the assembly code obtained by reverse engineering. The approach based on this ensemble demonstrates an accuracy of 0.88 in classifying code into legitimate, malicious and APT malware, and 0.94 in classifying it into legitimate and malicious.
Keywords: virus, dynamic analysis, static analysis, APT, malware