Predicting the Dynamic Behaviour of Malware using RNN
Anuradha Sengupta1, S. Sivasankari2, V. Joseph Raymond3
1Anuradha Sengupta*, Department of Information Technology, SRM Institute of Science and Technology, Chennai, India.
2S. Sivasankari, Department of Information Technology, SRM Institute of Science and Technology, Chennai, India.
3V. Joseph Raymond, Department of Information Technology, SRM Institute of Science and Technology, Chennai, India.
Manuscript received on January 23, 2020. | Revised Manuscript received on February 05, 2020. | Manuscript published on February 30, 2020. | PP: 3557-3559 | Volume-9 Issue-3, February 2020. | Retrieval Number: C6291029320/2020©BEIESP | DOI: 10.35940/ijeat.C6291.029320
Open Access | Ethics and Policies | Cite | Mendeley
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Malware analysis can be classified as static and dynamic analysis. Static analysis involves the inspection of the malicious code by observing the features such as file signatures, strings etc. The code obfuscation techniques such as string encryption, class encryption etc can be easily applied on static code analysis. Dynamic or behavioural data is more difficult to obfuscate as the malicious payload may have already been executed before it is detected. In this paper, the dataset is obtained from repositories such as VirusShare and is run in Cuckoo Sandbox with the help of the agent.py. The dynamic features are extracted from the generated Cuckoo logs in the html and JSON format and it has to be determined whether it is malicious or not using recurrent neural networks. Recurrent Neural Networks are capable of predicting whether an executable is malicious and have the ability to capture time-series data.
Keywords: Behavioural Data, Cuckoo Sandbox, Recurrent Neural Networks, Zero-day Malware.