1. Printing: This poster is 48” wide by 36” high. It’s designed to be printed on a large-format printer. Customizing the Content: The placeholders in this poster are formatted for you. Type in the placeholders to add text, or click an icon to add a table, chart, SmartArt graphic, picture or multimedia file. To add or remove bullet points from text, just click the Bullets button on the Home tab. If you need more placeholders for titles, content or body text, just make a copy of what you need and drag it into place. PowerPoint’s Smart Guides will help you align it with everything else. Want to use your own pictures instead of ours? No problem! Just right-click a picture and choose Change Picture. Maintain the proportion of pictures as you resize by dragging a corner. Intelligent Malware Detection System Group Members: Alex Finkelstein, Kevin Hao, Josh Suess, Dom Amos, Mike Hite Advisor: Dr. Yanfang Ye GROWTH OF MALWARE BACKGROUND We implement data mining techniques to grow our database of malicious behavioral signatures. By doing so we improve the accuracy of our detection system. We first map each Windows API call to an integer value. Our program then takes in a directory of malicious files and extracts the API calls from each file. An integer vector is then generated from each of the API calls made in the file and uploaded to the database. Each of these vectors serves as the behavioral signature for each file and after completion of the previously described process our database is populated with vectors of malicious behavior. When the user uploads a file the system generates the behavioral signature for the file and compares it with the malicious vectors in the database. If the file has never been seen before it is uploaded to the database after a determination of its safety. FEATURES What can our software do for you? Full Scans – Scan all files in the system for malicious content Quick Scans – Scan the most recently used folders Custom Scans – Scan only the user selected folders for malicious content THE FUTURE OF MALWARE DETECTION With the growing number of and intelligence of malicious attacks on computer systems there is a need for intelligent detection capable of recognizing and responding to threats. The focus of our project is to create a system with the ability to dynamically identify malicious files through their behavioral signatures. Our system implements data mining and big data analytics coupled with advanced detection algorithms to move away from the classic static signature detection approach towards a more robust and accurate method of malware detection. CLASSIFICATION For our classification method we used the Naïve Bayes Algorithm First we take the number or malicious files in our database called X Then the number of benign files in our database called Y The total number of files in our database called Z The prior probability of the file being malicious is X/Z and the prior probability of the file being benign is Y/Z Next we determine how many files in our database share a certain number of API calls with the new file that needs to be classified. The files that share this set number are determined to be “close” Probability new file is malicious: Number of malicious close files/ X and Probability new file is benign: Number of benign files/Y The final step is to compare Prior Probability of malicious * Probability new file is malicious and Prior probability of benign * probability new file is benign. We classify the new file as whichever value is higher. DATA MINING Kaspersky reports that around the world 200,000 new malware samples are discovered every day. An average of $345,000 is lost or stolen per incident of accounts and passwords stolen. In 2014, malware will cost enterprises an estimated $500 billion dollars, and consumers an estimated $25 billion dolllars. Approximately 1.2 billion man hours will be wasted dealing with the effects of malware [1]. The architects of newer malware embed avoidance techniques in their malware to allow it to evade detection from anti virus and other detection systems. Encryption Packing Obfuscation Polymorphism Metamorphism Traditional signature based detection is becoming obsolete and ineffective against this new malware. There is an obvious need for a smarter detection system that does not depend on static signatures.