Automatic behavioural analysis of malware

Abstract: With malware becoming more and more diffused and at the same time more sophisticated in its attack techniques, countermeasures need to be set up so that new kinds of threats can be identified and dismantled in the shortest possible time, before they cause harm to the system under attack. With new behaviour patterns like the one shown by polymorphic and metamorphic viruses, static analysis is not any more a reliable way to detect those threats, and behaviour analysis seems a good candidate to fight against the next-generation families of viruses. In this project, we describe a methodology to analyze and categorize binaries solely on the basis of their behaviour, in terms of their interaction with the Operating System, other processes and network. The approach can strengten host-based intrusion detection systems by a timely classification of unkown but similar malware code. It has been evaluated on a dataset from the research community and tried on a smaller data set from local companies collected at University of Mondragone.