Malware Behavior Classification Approach Based on Naive Bayes

Because of the interference of obfuscation and polymorphism on malware analysis and detection, the dynamic analysis of malware binaries during run-time is becoming a research hotspot in intrusion detection field. Malware classification is a key problem in the research of dynamic malware behavior analysis. On the basis of the malware behavior monitoring result reports, after discussing of malware behavior characteristics, operation similarity of behavior and the effect of random factors on behavior pattern, this paper proposed a framework for automatic malware behavior classification using Naive Bayes machine learning model. The framework improves the accuracy and efficiency of classification by introducing the Naive Bayes. Then we designed and implemented automatic malware behavior classifier prototype called MalwareClassifier. In case study, we evaluated the prototype using behavior sequence reports which were generated through true malware. The experiment results show that our approach is effective, and the performance of training and classification is improved through the introduction of Naive Bayes model.