Malware Family Identification from Malspam Features

Project Title:

Malware Family Identification from Malspam Features

Dr Iqbal Gondal (SoEITPS), Dr Sally Firmin (SoEITPS)

Contact Person:

Project Brief

Malware is commonly distributed by attaching malicious scripts to unsolicited or targeted emails. Organisations that perform threat intelligence processing on malware often handle several hundred thousand malware samples per day. Different malware families have different processing requirements and are split into separate streams to ensure correct processing, so the samples must first be sorted into family-based processing streams, and doing this reliably at volume is a practical difficulty.

A common method for malware family identification is to execute each malware sample in a Cuckoo sandbox and apply YARA rules to the results to identify the family. Given the high volume of malware samples that need to be processed, this dynamic analysis followed by YARA matching is too slow. This project calls for the generation of features from the emails and their associated malicious attachments, and an evaluation of a variety of machine learning techniques applied to those features in order to identify the malware family.
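As an added illustration of the feature-extraction and classification pipeline the brief describes (this is example code written for this page, not code from the project or its supervisors), the script below builds a constructed sample email with a harmless placeholder attachment, extracts a small set of static features from the message headers, body and attachment, and assigns a family label with a nearest-centroid classifier trained on constructed feature vectors. The family names `FAMILY_A` and `FAMILY_B`, the training vectors and the feature set are all assumptions chosen for the example; in practice the labels would come from an existing sandbox-plus-YARA corpus and the feature set would be far larger.

```python
import email
import hashlib
import math
import re
from email import policy
from email.message import EmailMessage

# Constructed placeholder attachment body (not a real malicious script).
SAMPLE_ATTACHMENT_BYTES = b"// constructed placeholder script body\nvar x = 1;\n"

# Extensions treated as script attachments (assumed list for this example).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1"}

# Numeric features fed to the classifier; string features (domain, hash) are kept for triage.
NUMERIC = ("subject_len", "url_count", "attachment_count",
           "script_attachment", "attachment_entropy", "attachment_size")


def build_sample_eml() -> bytes:
    """Build a constructed malspam-like message with one script attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example-invoices.test"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "Invoice 0423 overdue"
    msg.set_content("Please see the attached invoice. http://example.test/pay")
    msg.add_attachment(SAMPLE_ATTACHMENT_BYTES, maintype="application",
                       subtype="javascript", filename="invoice_0423.js")
    return msg.as_bytes()


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_features(raw: bytes) -> dict:
    """Static features from a raw RFC 5322 message: no execution of the attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].strip(">").lower() if "@" in sender else ""
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body else ""
    urls = re.findall(r"https?://[^\s<>\"']+", body_text)
    attachments = list(msg.iter_attachments())
    feats = {
        "sender_domain": sender_domain,
        "subject_len": len(str(msg.get("Subject", ""))),
        "url_count": len(urls),
        "attachment_count": len(attachments),
        "script_attachment": 0,
        "attachment_entropy": 0.0,
        "attachment_size": 0,
        "attachment_ext": "",
        "attachment_sha256": "",
    }
    if attachments:
        att = attachments[0]  # first attachment only, to keep the example short
        payload = att.get_payload(decode=True) or b""
        name = (att.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        feats.update({
            "script_attachment": int(ext in SCRIPT_EXTS),
            "attachment_entropy": round(shannon_entropy(payload), 3),
            "attachment_size": len(payload),
            "attachment_ext": ext,
            "attachment_sha256": hashlib.sha256(payload).hexdigest(),
        })
    return feats


# Constructed training vectors for two placeholder families (assumed values, not real data):
# FAMILY_A = small script attachment plus a link; FAMILY_B = large high-entropy document.
TRAINING = [
    ("FAMILY_A", dict(subject_len=18, url_count=1, attachment_count=1, script_attachment=1, attachment_entropy=4.8, attachment_size=1500)),
    ("FAMILY_A", dict(subject_len=22, url_count=1, attachment_count=1, script_attachment=1, attachment_entropy=5.1, attachment_size=2200)),
    ("FAMILY_A", dict(subject_len=20, url_count=0, attachment_count=1, script_attachment=1, attachment_entropy=4.6, attachment_size=1800)),
    ("FAMILY_B", dict(subject_len=30, url_count=0, attachment_count=1, script_attachment=0, attachment_entropy=7.6, attachment_size=52000)),
    ("FAMILY_B", dict(subject_len=35, url_count=0, attachment_count=1, script_attachment=0, attachment_entropy=7.8, attachment_size=61000)),
]


def _vector(feats: dict) -> list:
    return [float(feats[k]) for k in NUMERIC]


def train_centroids(samples):
    """Per-dimension max scaling plus one centroid per family (a minimal baseline model)."""
    vecs = [_vector(f) for _, f in samples]
    scale = [max(col) or 1.0 for col in zip(*vecs)]
    by_label = {}
    for (label, _), v in zip(samples, vecs):
        by_label.setdefault(label, []).append([x / s for x, s in zip(v, scale)])
    centroids = {lbl: [sum(col) / len(col) for col in zip(*vs)] for lbl, vs in by_label.items()}
    return centroids, scale


def classify(feats: dict, model) -> str:
    """Return the family whose centroid is nearest in scaled Euclidean distance."""
    centroids, scale = model
    v = [x / s for x, s in zip(_vector(feats), scale)]
    return min(centroids, key=lambda lbl: math.dist(v, centroids[lbl]))


def classify_sample() -> str:
    return classify(extract_features(build_sample_eml()), train_centroids(TRAINING))


if __name__ == "__main__":
    f = extract_features(build_sample_eml())
    print({k: f[k] for k in ("sender_domain", "attachment_ext", "attachment_sha256")})
    print("predicted family:", classify_sample())
```

The point of the design is that every feature is computed without running the attachment, which is what makes the approach cheap enough for the volumes the brief mentions; the nearest-centroid model stands in for whichever learning technique the evaluation settles on, and the sandbox-derived labels remain the ground truth against which any such model has to be measured.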