Malware Detection using machine learning (MDML)

Running it locally

streamlit run app.py

Author

Mohamed Benchikh

Analysis modules:

Static: Features are extracted from PE file headers (mainly Optional Header), Yara rules and digital signature.
Dynamic: Features are the API calls traced using Cuckoo Sandbox

Datasets construction

Static

Malware samples were acquired from MalwareBazaar while benign samples were acquired from multiple online hosting websites (ie. CNET) we then used pefile module in Python to parse PE headers and extract relevant features (chosen using benchmarks), we also used Yara capabilities, digital signature, and packing as features

Dynamic

we tweaked the APIMDS dataset from hksecurity and changed it from a dataset of API calls sequences to a dataset of binary values with predetermined features

Algorithm used

We compared multiple algorithms using a 10-Fold stratified cross validation process algorithm, we settled on Extreme Gradient Boosting (XGBoost) classification algorithm as it had the highest F1 score

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
auxiliary		auxiliary
datasets		datasets
features		features
labels		labels
models		models
modules		modules
.gitattributes		.gitattributes
.gitignore		.gitignore
Aptfile		Aptfile
LICENSE		LICENSE
Procfile		Procfile
README.md		README.md
app.py		app.py
config.yaml		config.yaml
database.db		database.db
requirements.txt		requirements.txt
setup.sh		setup.sh

License

mohamedbenchikh/MDML

Folders and files

Latest commit

History

Repository files navigation

Malware Detection using machine learning (MDML)

Running it locally

Author

Analysis modules:

Datasets construction

Algorithm used

Project interfaces

Static

Dynamic

About

Topics

Resources

License

Stars

Watchers

Forks

Languages