
Building a smart and automated tool for packed malware detections using machine learning

(2020)

Files

Minet_08411500_Roussieau_37571400_2020.pdf
  • Open access
  • Adobe PDF
  • 3.53 MB

Details

Abstract
Since most anti-virus software is signature-based, attackers can evade it relatively easily by compressing or encrypting part of their malicious code. This technique, known as packing, is widely used: up to 80% of today's malware is packed. Detecting whether an executable has been packed is therefore a fundamental step in a malware analyst's work. Various packing detectors have already been proposed, but they were either not robust enough or suffered from large time overheads. In this report, we combine the strengths of several established detectors to build a powerful stand-alone detector. Based on the agreement between multiple packing detectors, we build a constantly growing database that yields a large and diverse set of ground truths. These serve as training data for a selection of fine-tuned machine learning classifiers. Feature selection and an economic analysis are then used to identify and assess the best-adjusted model, which classifies a new input file with 99.5% accuracy in less than 50 milliseconds.
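The pipeline the abstract describes has three parts that are easy to lose in prose: several independent packing detectors, a ground truth that keeps only the samples those detectors agree on, and a classifier trained on features of the labelled samples. The following is an added example written for this page; it is not the thesis's code and does not reproduce its detectors, features or classifiers. It assumes three deliberately simple detectors (section entropy, known packer section names, and a virtual-size/raw-size ratio), one entropy feature, a single-threshold classifier, and a synthetic in-memory corpus of PE-like section layouts; the section-name lists and size ratio are illustrative assumptions, not a vetted signature set.

```python
"""Added example (not the thesis's code): agreement-based ground truth, an
entropy feature and a threshold classifier for packing detection.
The corpus is constructed in memory; no real executable is parsed."""
import math
import random
from collections import Counter
from dataclasses import dataclass

# Assumed, illustrative name lists (not a complete packer signature database).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", "MPRESS1", "MPRESS2"}
STANDARD_SECTION_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".bss", ".idata", ".edata"}


@dataclass
class Section:
    name: str
    raw: bytes          # bytes stored on disk
    virtual_size: int   # bytes reserved in memory once mapped


@dataclass
class Sample:
    name: str
    sections: list


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# --- three independent, deliberately simple packing detectors -----------------
def det_entropy(sample: Sample, threshold: float = 7.0):
    """Compressed or encrypted payloads look random: flag any near-uniform section."""
    return any(shannon_entropy(s.raw) > threshold for s in sample.sections if s.raw)


def det_names(sample: Sample):
    """Signature-style: packer name -> packed; only standard names -> clean; otherwise abstain."""
    names = {s.name for s in sample.sections}
    if names & PACKER_SECTION_NAMES:
        return True
    if names <= STANDARD_SECTION_NAMES:
        return False
    return None  # an unknown name is not evidence either way


def det_size(sample: Sample, ratio: int = 4):
    """An unpacking stub reserves far more memory than it stores on disk (assumed ratio)."""
    return any(s.virtual_size >= ratio * max(len(s.raw), 1) for s in sample.sections)


DETECTORS = {"entropy": det_entropy, "names": det_names, "size": det_size}


def agreement_label(verdicts: dict, min_votes: int = 2):
    """Ground truth by agreement: all detectors that voted must concur and at least
    `min_votes` must have voted; otherwise the sample stays unlabelled (None)."""
    votes = [v for v in verdicts.values() if v is not None]
    if len(votes) < min_votes:
        return None
    if all(votes):
        return "packed"
    if not any(votes):
        return "not_packed"
    return None


def feature(sample: Sample) -> float:
    """Single classifier feature: highest entropy among non-empty sections."""
    return max((shannon_entropy(s.raw) for s in sample.sections if s.raw), default=0.0)


def build_ground_truth(samples):
    """Run every detector; keep only samples the detectors agree on."""
    labelled, discarded = [], []
    for sample in samples:
        label = agreement_label({name: det(sample) for name, det in DETECTORS.items()})
        if label is None:
            discarded.append(sample.name)
        else:
            labelled.append((feature(sample), label))
    return labelled, discarded


def train_threshold(labelled):
    """Decision stump: the entropy cut-off with the best training accuracy."""
    values = sorted(x for x, _ in labelled)
    candidates = [(a + b) / 2 for a, b in zip(values, values[1:]) if a != b]
    accuracy = lambda t: sum((x > t) == (y == "packed") for x, y in labelled) / len(labelled)
    return max(candidates, key=accuracy)


def predict(threshold: float, sample: Sample) -> str:
    return "packed" if feature(sample) > threshold else "not_packed"


# --- constructed corpus (synthetic section layouts, not real malware) ---------
CODE_ALPHABET = bytes(range(0x40, 0x60))  # 32 distinct values -> about 5 bits/byte


def make_corpus(n_per_class: int = 20, seed: int = 1234):
    rng = random.Random(seed)
    corpus = []
    for i in range(n_per_class):
        text = bytes(rng.choice(CODE_ALPHABET) for _ in range(4096))
        data = bytes(rng.choice(b"\x00\x00\x00\x00\x01\xff") for _ in range(1024))
        corpus.append(Sample(f"clean_{i}", [Section(".text", text, 4096), Section(".data", data, 1024)]))
        blob = rng.randbytes(4096)  # stands in for a compressed payload
        corpus.append(Sample(f"packed_{i}", [Section("UPX0", b"", 65536), Section("UPX1", blob, 4096)]))
    # Disagreement case: standard layout, but .text holds random-looking bytes.
    corpus.append(Sample("ambiguous", [Section(".text", rng.randbytes(4096), 4096),
                                       Section(".rsrc", bytes(1024), 1024)]))
    return corpus


def run_demo(seed: int = 1234):
    labelled, discarded = build_ground_truth(make_corpus(seed=seed))
    threshold = train_threshold(labelled)
    probe = make_corpus(n_per_class=1, seed=seed + 1)  # unseen samples
    return {"labelled": len(labelled), "discarded": discarded, "threshold": threshold,
            "predictions": {s.name: predict(threshold, s) for s in probe}}


if __name__ == "__main__":
    print(run_demo())
```

Two points the code makes concrete. First, the "ambiguous" sample (standard section names, but a random-looking `.text`) is exactly the case the agreement rule is for: the detectors split, so it is dropped from the training set instead of polluting it with a guessed label. Second, a classifier trained on a single entropy feature inherits that detector's blind spots and will still call the ambiguous probe "packed"; this is why the thesis feeds a broad feature set through feature selection rather than relying on one heuristic.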