Abstract

Malware Detection is a field of Digital Forensics which involves the detection of known and unknown malware by various methods. Detecting malware in real time remains a major challenge; the research done in the field has shown the advances achieved in the design and implementation of malware detection systems. Although each malware sample is unique, malware shares some common behavioral characteristics which can be examined and used for malware detection. This paper surveys and analyses various research works on Malware Detection using behavioral characteristics and also introduces their problems and issues. Finally, we compare various machine learning algorithms which can be used for the most effective malware detection process. The implementation and the results of the study show that the Random Forest algorithm is the most efficient algorithm for the detection of malicious files in any system.

Highlights

  • Malware Detection is a field of Digital Forensics which involves detection of known and unknown malware by various methods

  • The algorithm applied on the dataset needs to be accurate and efficient so as to detect the changes in the features or the behavior of the malicious code

  • The algorithm needs to perform with the same efficiency on each dataset so as to provide state-of-the-art detection of the malware

Summary

Introduction

Malware Detection is a field of Digital Forensics which involves the detection of known and unknown malware by various methods. Digital Forensics has various branches such as Malware Detection, Criminal Data Mining, Database Extraction, File Recovery, etc. This work is based on Malware Detection. Dictionary-based detection [1] is the approach where malware is identified on the basis of some particular attributes. Dictionary-based detection fails when the malware is not known or when the malware changes its behavior at a fast rate. The signature-based process can extract malware signatures more frequently and add them to the main dictionary. These techniques can be further classified as static and dynamic: the static method involves detecting malware without running it.
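To make the contrast between dictionary-based detection and detection on behavioral characteristics concrete, the following added example (not code from the paper) scans constructed byte strings that stand in for executables; the family label, the API names used as indicators and the threshold are assumptions chosen for illustration. It shows a one-byte variant of a known sample slipping past the dictionary while the behavioral check still flags it.

```python
import hashlib
import re
from typing import Optional

# Constructed sample contents standing in for executables. These are not real
# malware; the strings only illustrate how each matching approach behaves.
KNOWN_SAMPLE = b"MZ\x90\x00 stage1 CreateRemoteThread WriteProcessMemory http://c2.example/beacon"
# Variant of the known sample: one byte changed and the URL re-encoded, the kind
# of small change a fast-mutating family makes between releases.
UNKNOWN_VARIANT = b"MZ\x90\x00 stage2 CreateRemoteThread WriteProcessMemory hxxp://c2.example/beacon"
BENIGN_FILE = b"MZ\x90\x00 hello world CreateFileW ReadFile WriteFile"

# Dictionary of attributes of known malware: exact hashes and fixed byte patterns
# (the family name is an assumed label).
HASH_DICTIONARY = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Family.A (hash)"}
PATTERN_DICTIONARY = {b"stage1 CreateRemoteThread": "Family.A (byte pattern)"}


def dictionary_detect(data: bytes) -> Optional[str]:
    """Dictionary-based detection: match a file against known attributes only."""
    name = HASH_DICTIONARY.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, label in PATTERN_DICTIONARY.items():
        if pattern in data:
            return label
    return None  # unknown or changed malware falls through undetected


# Behavioral characteristics shared across the family: process-injection APIs
# used together with a beacon URL (assumed indicators for this illustration).
INJECTION_APIS = [b"CreateRemoteThread", b"WriteProcessMemory", b"VirtualAllocEx"]
BEACON_RE = re.compile(rb"h(?:xx|tt)ps?://[\w./-]+")


def behaviour_score(data: bytes) -> int:
    """Count behavioral indicators; unlike a dictionary, this survives small changes."""
    score = sum(1 for api in INJECTION_APIS if api in data)
    if BEACON_RE.search(data):
        score += 1
    return score


def behaviour_detect(data: bytes, threshold: int = 3) -> bool:
    """Flag a file when enough behavioral indicators co-occur (threshold assumed)."""
    return behaviour_score(data) >= threshold
```

In a real pipeline the indicators would be features extracted by static or dynamic analysis and the threshold would be replaced by a trained classifier such as the Random Forest the paper evaluates.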
