| 000 -LEADER |
| fixed length control field |
02692nam a22001817a 4500 |
| 003 - CONTROL NUMBER IDENTIFIER |
| control field |
NUST |
| 005 - DATE AND TIME OF LATEST TRANSACTION |
| control field |
20260311125241.0 |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER |
| Classification number |
005.8,JAV |
| 100 ## - MAIN ENTRY--PERSONAL NAME |
| Personal name |
Javed, Sheikh Muhammad Zeeshan |
| 9 (RLIN) |
133638 |
| 245 ## - TITLE STATEMENT |
| Title |
Machine Learning based Malware Classification Framework using Malware Behavior / |
| Statement of responsibility, etc. |
Sheikh Muhammad Zeeshan Javed |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. |
| Place of publication, distribution, etc. |
Rawalpindi, |
| Name of publisher, distributor, etc. |
MCS (NUST), |
| Date of publication, distribution, etc. |
2026 |
| 300 ## - PHYSICAL DESCRIPTION |
| Extent |
xvii, 132 p |
| 505 ## - FORMATTED CONTENTS NOTE |
| Formatted contents note |
Malware analysis is a critical component of modern cybersecurity, enabling the identification, understanding, and mitigation of malicious software. This dissertation investigates the evolution of machine learning–based approaches for large-scale, behavior-driven malware classification, with the objective of improving detection accuracy, scalability, and robustness across diverse computing platforms.
Initially, this research presents a comprehensive review of existing machine learning–based malware detection and classification techniques, highlighting their strengths and limitations. Static analysis–based approaches, which extract features directly from executable files without program execution, have gained widespread adoption due to their low computational cost and ease of deployment. However, these methods are highly susceptible to obfuscation, packing, and evasion techniques. Dynamic analysis–based approaches, which examine malware behavior during execution in controlled environments, have been increasingly explored. Although dynamic analysis offers improved resilience against static evasion techniques, many existing approaches rely on a limited set of behavioral features, such as API call sequences. This narrow feature representation limits their ability to capture complex and evolving malware behaviors, thereby reducing classification performance and generalization in real-world, large-scale environments.
Subsequently, this dissertation proposes a novel malware classification framework based on a stack ensemble machine learning model that leverages large-scale IoT malware behavioral data. The proposed framework integrates multi-dimensional dynamic features, including memory dump characteristics, file system activities, network interactions, process behaviors, command executions, URL communications, and memory access patterns. A key contribution of this work is its scalability and computational efficiency, which make it well-suited for deployment in resource-constrained IoT environments while achieving high classification accuracy. |
| 650 ## - SUBJECT ADDED ENTRY--TOPICAL TERM |
| Topical term or geographic name entry element |
PhD Information Security Thesis |
| 9 (RLIN) |
132793 |
| 651 ## - SUBJECT ADDED ENTRY--GEOGRAPHIC NAME |
| Geographic name |
PhD IS Thesis |
| 9 (RLIN) |
132794 |
| 700 ## - ADDED ENTRY--PERSONAL NAME |
| Personal name |
Supervised by Dr. Muhammad Faisal Amjad |
| 9 (RLIN) |
133639 |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) |
| Source of classification or shelving scheme |
|
| Koha item type |
Thesis |