A Major Project Synopsis on

“Malware Detection Using ML”

Submitted to

VISVESVARAYA TECHNOLOGICAL UNIVERSITY

Belagavi-590014, Karnataka

In partial fulfillment of the requirement for the award of the

degree of Bachelor of Engineering
In
Computer Science and Engineering

Team Member’s
Vaishnavi Math (3GN22CS111)
Simran Jit (3GN22CS098)

Under the guidance of Prof. Premala

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

GURU NANAK DEV ENGINEERING COLLEGE

MAILOOR ROAD, BIDAR-585403, KARNATAKA

Phone: 08482- 226949 Website: www.gndecb.ac.in

Dr. Premala bhandar Prof Guru Prasad Dr. Anuradha Signature of

guide Signature of guide Signature of HOD

Page | 1
DEPT OF CSE, GNDECB
 TITLE OF THE PROJECT

Malware Detection Using ML

ABSTRACT

The rapid evolution of malware, including trojans, ransomware, and spyware, presents a
major cybersecurity challenge. Traditional detection methods, such as signature-based
techniques, struggle against obfuscation and polymorphic threats. To address these
limitations, machine learning (ML)-based malware detection offers an intelligent and
adaptive approach.

This project integrates static and dynamic malware analysis with ML for improved threat
detection. A hybrid approach enhances classification accuracy using ML models like
Random Forest, Support Vector Machines (SVM), and Deep Learning.

Using datasets such as the Microsoft Malware Dataset and VirusShare, the system extracts
critical features like API calls and opcode sequences to train ML algorithms. This project
highlights the potential of AI-driven cybersecurity, providing a scalable and efficient solution
to combat evolving malware threats.

LITERATURE REVIEW

1.Introduction & Overview

• Emerging Threats: Malware—including trojans, ransomware, and spyware—
continues to evolve, rendering traditional signature-based methods increasingly
ineffective.
[Article 1: ScienceDirect survey on evolving malware threats]
• Need for Intelligent Solutions: The limitations of conventional methods have driven
research toward machine learning (ML) as a more adaptive solution for malware
detection.
[Article 2: MDPI review on ML in cybersecurity]

2. Advancements in ML for Malware Detection

• Efficacy of ML Algorithms: Research shows that ML models (e.g., SVM, Random
Forest, Deep Neural Networks) significantly improve malware classification accuracy.
[Article 3: IEEE study on ML classifiers for malware]

Page | 2
DEPT OF CSE, GNDECB
[Article 4: ACM conference paper on ML approaches in security]
• Comparison with Traditional Methods: Studies demonstrate that ML-based systems
can detect both known and unknown malware more effectively than static
signaturebased methods.
[Article 5: ScienceDirect comparative study]

3. Static Analysis Techniques

• Feature Extraction from Code: Static analysis focuses on extracting features such as
file metadata, opcodes, and PE header information without executing the code. [Article
6: Elsevier research on static feature extraction]
• Tools and Techniques: Tools like YARA, PE Studio, and IDA Pro are frequently used
to generate features for ML models.
[Article 7: Journal of Cybersecurity article on static analysis tools]

4. Dynamic Analysis Approaches

• Behavioral Analysis: Dynamic analysis monitors runtime behavior such as API calls,
system calls, and network activities, providing a behavioral profile of malware. [Article
8: Springer article on dynamic analysis methods]
• Advantages Over Static Analysis: Dynamic techniques can reveal malicious behavior
that static analysis might miss due to code obfuscation or packing.
[Article 9: IEEE paper on dynamic behavior monitoring]

5. Deep Learning Applications

• Advanced Neural Networks: Deep learning models, including Convolutional Neural
Networks (CNNs) and Recurrent Neural Networks (RNNs), have been applied
successfully to malware detection.
[Article 10: JATIT article on deep learning for malware classification]
• Graph Neural Networks (GNNs): Emerging research has applied GNNs to capture
the complex relationships in malware code structures for improved detection.
[Article 11: arXiv study on GNN-based malware detection]

Page | 3
DEPT OF CSE, GNDECB
6. Hybrid & Graph-Based Approaches
• Combining Static & Dynamic Analysis: Hybrid approaches merge static and
dynamic features to provide a more comprehensive detection framework, improving
overall accuracy.

[Article 12: IEEE hybrid analysis research]

• Graph Representations: Graph-based methods model malware as networks of
interactions, enabling robust classification even against sophisticated obfuscation
techniques.
[Article 13: arXiv paper on graph-based representations]

PROBLEM STATEMENT
Traditional malware detection struggles against evolving threats like trojans, ransomware, and
spyware due to code obfuscation and resource-heavy analysis. Machine learning (ML) offers
a promising solution but faces challenges like adversarial attacks and data limitations. This
project develops an ML-based malware detection system combining static and dynamic
analysis for improved accuracy and resilience. Using datasets like Microsoft Malware
Dataset and VirusShare, it applies Random Forest, SVM, and Deep Learning to enhance
detection and cybersecurity efficiency.

OBJECTIVES
1. Develop an ML-Based Detection System – Design a robust malware detection
framework using machine learning to classify and identify malware effectively.
2. Integrate Static and Dynamic Analysis – Combine static features (e.g., file
metadata, PE headers) and dynamic behaviors (e.g., API calls, network activity) to
enhance detection accuracy.
3. Utilize Real-World Datasets – Train and test the system using datasets like
Microsoft Malware Dataset and VirusShare to ensure reliability and adaptability.
4. Enhance Model Performance – Optimize detection models by applying Random
Forest, SVM, and Deep Learning, improving accuracy and minimizing false
positives.
5. Ensure Scalability and Resilience – Develop a scalable solution that adapts to
evolving malware threats while being resistant to adversarial attacks and evasion
techniques.
SCOPE

Page | 4
DEPT OF CSE, GNDECB
 1. ML-Based Detection – Uses Random Forest, SVM, and Deep Learning to classify
malware.
2. Static & Dynamic Analysis – Examines file structures and runtime behavior for
better detection.
3. Real-World Datasets – Trains on Microsoft Malware Dataset and VirusShare for
accuracy.
4. Cybersecurity Enhancement – Provides an automated, scalable, and adaptive
malware detection system.
5. Future Scope – Focuses on detection, not remediation, but lays the foundation for
security improvements.

SOFTWARE USED
1. Programming: Python (Scikit-Learn, TensorFlow, Pandas, NumPy).
2. Analysis Tools: IDA Pro, YARA, PE Studio, Wireshark.
3. Development: Jupyter Notebook, PyCharm, VS Code.
4. Testing: Kali Linux, Windows Sandbox.
5. Datasets: Microsoft Malware Dataset, VirusShare, Kaggle

Hardware Requirements
• A processor with Intel i5/i7 or AMD Ryzen 5/7 (or higher) is needed for efficient
computations.
• At least 8GB RAM is required, but 16GB or more is recommended for deep learning
tasks.
• A 256GB SSD is the minimum storage requirement, though 512GB+ is preferred for
handling large datasets.
• For deep learning-based malware detection, an NVIDIA GTX 1650 or higher GPU
is beneficial.
• A stable internet connection is necessary for downloading datasets and using online
tools. Virtualization support is also recommended for sandbox testing.

Expected Outcome

Page | 5
DEPT OF CSE, GNDECB
This project aims to develop an intelligent malware detection system using machine
learning techniques. By analyzing static and dynamic features of malware, the system will
accurately classify threats such as trojans, ransomware, and spyware. The integration of
machine learning models will enhance detection accuracy, reduce false positives, and improve
response times.
The system will utilize datasets like the Microsoft Malware Dataset and VirusShare to train
and validate the models. Additionally, it will incorporate tools like IDA Pro, YARA, and PE
Studio for feature extraction and malware analysis, ensuring a robust detection mechanism.
The final model is expected to provide real-time malware detection with high precision,
improving cybersecurity measures for individuals and organizations.
It will help in automating malware analysis, reducing reliance on manual inspection. The
system may also offer a visualization component for better threat interpretation. By
successfully implementing this approach, the project will contribute to stronger
cybersecurity defenses, enabling proactive threat mitigation and minimizing the risk of
cyberattacks.

REFERENCES

[1] S. Nari & A. Ghorbani, "Automated malware detection using ML," *ICNC*, 2013. [DOI:
10.1109/ICNC.2013.6523863](https://ieeexplore.ieee.org/document/6523863)

[2] A. Saxe & K. Berlin, "Deep learning-based malware detection," *MALWARE*, 2015.
[DOI: 10.1109/MALWARE.2015.7413680](https://ieeexplore.ieee.org/document/7413680)

[3] G. Vasiliadis et al., "GPU-assisted malware detection using CUDA," *RAID*, 2010.
[Link](https://dl.acm.org/doi/10.1007/978-3-642-15512-3_3)

[4] Y. Ye et al., "PE-malware detection via association mining," *J. Comput. Virol.*, 2008.
[DOI: 10.1007/s11416-007-0064-0](https://link.springer.com/article/10.1007/s11416-0070064-0)

[5] R. Perdisci et al., "McBoost: Scalable malware analysis via classification," *ACSAC*,
2011. [DOI: 10.1145/2076732.2076747](https://dl.acm.org/doi/10.1145/2076732.2076747)

Page | 6
DEPT OF CSE, GNDECB
[6] A. Krizhevsky et al., "ImageNet classification using deep CNNs," *NeurIPS*, 2012.
[Link](https://proceedings.neurips.cc/paper/2012/hash/c399862d3b9d6b76c8436e924a6
8c45 b-Abstract.html)

[7] N. Peiravian & X. Zhu, "ML for Android malware detection," *ICTAI*, 2013. [DOI:
10.1109/ICTAI.2013.53](https://ieeexplore.ieee.org/document/6719605)

[8] T. Stiborek & J. Oravec, "Static malware detection via ML," *IEEE TIFS*, 2019. [DOI:
10.1109/TIFS.2019.2898851](https://ieeexplore.ieee.org/document/8660605)

[9] B. D. Kang et al., "Deep learning for malware detection," *IEEE SP*, 2020. [DOI:
10.1109/SP40000.2020.00030](https://ieeexplore.ieee.org/document/9152772)

[10] Y. Du et al., "Survey on DL-based malware detection," *IEEE TNNLS*, 2021. [DOI:
10.1109/TNNLS.2021.3078692](https://ieeexplore.ieee.org/document/9442196)

[11] "ML & DL for malware detection," *IEEE Xplore, ScienceDirect, arXiv*. [General link]
(https://www.ieee.org/)

[12] K. He et al., "Deep residual learning for image recognition," *CVPR*, 2016. [DOI:
10.1109/CVPR.2016.90](https://ieeexplore.ieee.org/document/7780459)

[13] OpenCV documentation: [https://opencv.org/]

[14] "AI-based malware classification," *Springer, ACM, MDPI*.

[General link](https://link.springer.com/)

[15] R. Girshick et al., "Region-based CNNs for detection," *CVPR*, 2014. [DOI:
10.1109/CVPR.2014.81](https://ieeexplore.ieee.org/document/6909475)

Page | 7
DEPT OF CSE, GNDECB