Machine Learning and Network Traffic to Distinguish Between Malware and Benign Applications

Pervasive Knowledge and Collective Intelligence on Web and Social Media (2023)

Abstract
Virus detection software is widely used on servers, systems, and devices that need to maintain security and reliability. Although these programs provide an excellent level of safety, traditional defense methods fail to detect new malware. A more advanced approach relies on predicting malicious behavior through dynamic analysis of the executed process. This paper presents a new method for detecting malware using machine learning algorithms applied to data obtained from the Cuckoo sandbox. The Cuckoo sandbox isolates the file being analyzed and provides detailed dynamic analysis reports. The machine learning algorithms were compared and the most important features were identified. The results were obtained using six popular classifiers, including SVM, Random Forest, and LightGBM, and the XGBOOST algorithm had the highest accuracy, at an average of 97%. However, the research on machine learning-based malware analysis is limited in terms of computational complexity and detection accuracy.
Keywords
Machine Learning, XGBOOST, Malware, Network Traffic, Classification