Malware Detection Using Automated Generation of Yara Rules on Dynamic Features.

Qin Si, Hui Xu, Ying Tong, Yu Zhou, Jian Liang, Lei Cui, Zhiyu Hao

International Conference on Science of Cyber Security (SciSec) (2022)

Abstract
With the explosive growth of malware and its variants, automated malware detection is a hot topic in security. In this paper, we propose a malware detection method based on automated Yara rule generation from dynamic behaviors, mainly aiming to improve malware detection in terms of automation and effectiveness. Firstly, we extract API call sequences as features from the dynamic behaviors observed in a sandbox. Secondly, we focus on the impact of runtime parameters, which carry significant semantic information in API calls, on maliciousness discrimination. Then, we leverage the random forest and logistic regression algorithms in YaraML to calculate weights for the features extracted from API calls and runtime parameters and output a set of Yara rules. Finally, we use these Yara rules to perform malware detection. We conduct a set of experiments on a dataset of malicious and benign samples. The experimental results show that our method is effective in terms of accuracy and precision for malware detection.
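The pipeline the abstract describes (API-call features, some qualified by a runtime parameter, weighted by a learned model and written out as a Yara rule), as an added Python example that is not the paper's or YaraML's own code; the sample traces, the weight scaling and the rule layout are assumptions of this example.

```python
# Added example, not code from the paper or YaraML: the abstract's pipeline in miniature.
# Constructed (hypothetical) sandbox traces, some API names tagged with a runtime parameter
# and labelled 1 = malicious, are featurized; a logistic regression weights each feature,
# and the weights are emitted as a Yara rule with an integer-scaled linear condition.
import math

TRACES = [
    (["CreateProcessA", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"], 1),
    (["RegSetValueExA(CurrentVersion\\Run)", "WriteProcessMemory", "CreateRemoteThread"], 1),
    (["InternetReadFile", "CreateFileA(Temp)", "WriteProcessMemory", "CreateRemoteThread"], 1),
    (["CreateFileA(Temp)", "ReadFile", "CloseHandle"], 0),
    (["CreateFileA(Temp)", "WriteFile", "RegQueryValueExA(CurrentVersion)", "CloseHandle"], 0),
    (["InternetReadFile", "CreateFileA(Temp)", "WriteFile", "CloseHandle"], 0),
]

def vocabulary(traces):
    return sorted({tok for toks, _ in traces for tok in toks})

def featurize(tokens, vocab):
    seen = set(tokens)                      # presence features, call order is dropped
    return [1.0 if v in seen else 0.0 for v in vocab]

def train_logreg(X, y, epochs=300, lr=0.5):
    """Plain gradient-descent logistic regression, standing in for YaraML's learner."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            z = max(-30.0, min(30.0, b + sum(wj * xj for wj, xj in zip(w, xi))))
            g = 1.0 / (1.0 + math.exp(-z)) - yi          # d(log loss)/dz
            w = [wj - lr * g * xj for wj, xj in zip(w, xi)]
            b -= lr * g
    return w, b

def predict(tokens, vocab, w, b):
    return 1 if b + sum(wj * xj for wj, xj in zip(w, featurize(tokens, vocab))) > 0 else 0

def to_yara(vocab, w, b, name="auto_api_rule", scale=100):
    """Condition = scaled linear score > 0, matched against the sandbox report text.
    Yara cannot cast a boolean to int, so string counts (#s) stand in for presence; a
    call repeated in the report therefore adds its weight more than once."""
    esc = lambda s: s.replace("\\", "\\\\").replace('"', '\\"')   # keep Yara strings valid
    strings = "\n".join(f'        $s{i} = "{esc(t)}"' for i, t in enumerate(vocab))
    cond = " + ".join(f"(#s{i} * ({round(wi * scale)}))" for i, wi in enumerate(w))
    return (f"rule {name}\n{{\n    strings:\n{strings}\n    condition:\n"
            f"        {cond} > {-round(b * scale)}\n}}")

def build_rule(traces=TRACES):
    vocab = vocabulary(traces)
    w, b = train_logreg([featurize(t, vocab) for t, _ in traces], [lab for _, lab in traces])
    return vocab, w, b, to_yara(vocab, w, b)
```

`print(build_rule()[3])` shows the generated rule; negative weights on benign-only calls such as `CloseHandle` pull the score down, which is what a Yara-only approach cannot express without a learned condition.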
Keywords
malware, Yara rules, dynamic features, detection