Skip to Main Content
In this paper, a two-stage methodology to analyze and detect behavioral-based malware is presented. In the first stage, a random projection is decreasing the variable dimensionality of the problem and is simultaneously reducing the computational time of the classification task by several orders of magnitude. In the second stage, a modified K-Nearest Neighbors classifier is used with Virus Total labeling of the file samples. This methodology is applied to a large number of file samples provided by F-Secure Corporation, for which a dynamic feature has been extracted during Deep Guard sandbox execution. As a result, the files classified as false negatives are used to detect possible malware that were not detected in the first place by Virus Total. The reduced number of selected false negatives allows the manual inspection by a human expert.