Hybrid analysis approach for classification of malware collected by nepenthes and Dionaea Honeypot

Date
2016-08
Publisher
G.B. Pant University of Agriculture and Technology, Pantnagar - 263145 (Uttarakhand)
Abstract
Large-scale networks face thousands of network attacks every day. No matter how strong the existing security defence mechanisms are, these networks remain vulnerable, as new tools and techniques are constantly being developed by hackers. A promising new technology that lures attackers in order to monitor their malicious activities and reveal their intentions is emerging in the form of virtual honeypots. In the present study, a hybrid analysis approach is presented that was used to classify the malware collected by nepenthes and dionaea honeypots deployed in our university. The malicious data captured has been thoroughly analysed within an isolated environment that was set up for the hybrid analysis of each malicious executable file. The data extracted from the hybrid analysis process provides information about the behaviour and the different activities carried out by the malware once it is active. Based on these activities and behavioural patterns of the malicious executables, the malware was classified using the k-nearest neighbour classification algorithm. This helps in identifying the malware, providing advisories to safeguard against malware attacks, and also in predicting new malware. The dataset used is the set of binary files captured by the honeypots, 242MB in size, collected over a period of three months. The results have been classified into 11 classes of malware. In this study seven malware samples are illustrated, highlighting the results of the hybrid analysis consisting of static and dynamic analysis, along with salient observations in each case, and finally the overall findings are summarised.
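The classification step described above, as an added illustration that is not the thesis's own code or data: behaviour counts from a sandbox report are flattened into a fixed feature vector and labelled by majority vote among the k nearest labelled samples. The feature names, the family labels and every vector are constructed for this example and do not come from the honeypot dataset.

```python
from collections import Counter
from math import sqrt

# Fixed feature order for the vectors (hypothetical behaviour counts a hybrid
# static/dynamic analysis report might summarise; constructed for this example).
FEATURE_KEYS = ["files_written", "registry_keys_set", "network_connections",
                "processes_spawned", "autorun_entries"]

# Constructed labelled reference set: three samples per hypothetical family.
TRAINING_SET = [
    ([3, 1, 0, 1, 0], "dropper"), ([4, 2, 1, 1, 0], "dropper"), ([2, 1, 0, 2, 0], "dropper"),
    ([1, 0, 25, 0, 0], "scanner"), ([0, 0, 30, 1, 0], "scanner"), ([1, 1, 22, 1, 0], "scanner"),
    ([2, 6, 2, 3, 1], "persistence"), ([1, 5, 1, 2, 1], "persistence"), ([3, 7, 2, 4, 1], "persistence"),
]


def report_to_vector(report):
    """Flatten one sandbox report (a dict of behaviour counts) into FEATURE_KEYS order."""
    return [report.get(key, 0) for key in FEATURE_KEYS]


def euclidean(a, b):
    """Straight-line distance between two feature vectors of equal length."""
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_classify(sample, training, k=3):
    """Return (label, vote share) for `sample` from its k nearest labelled vectors."""
    neighbours = sorted(training, key=lambda item: euclidean(sample, item[0]))[:k]
    votes = Counter(label for _, label in neighbours)
    label, count = votes.most_common(1)[0]
    return label, count / k


def leave_one_out_accuracy(training, k=3):
    """Estimate accuracy by classifying each labelled sample against the others."""
    hits = 0
    for i, (vec, label) in enumerate(training):
        rest = training[:i] + training[i + 1:]
        if knn_classify(vec, rest, k)[0] == label:
            hits += 1
    return hits / len(training)


if __name__ == "__main__":
    unknown = report_to_vector({"network_connections": 28})  # constructed report
    print(knn_classify(unknown, TRAINING_SET))        # ('scanner', 1.0)
    print(leave_one_out_accuracy(TRAINING_SET))       # 1.0
```

Raw counts with very different ranges (network connections here) dominate the Euclidean distance, so on real reports the features should be scaled before voting.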