Static and Dynamic Machine Learning Based Malware Detection Methods for Windows Programs

Bachelor Thesis from the year 2022 in the subject Computer Science - Commercial Information Technology, grade: 1.0, University of Applied Sciences Essen, language: English, abstract: One goal of the thesis is to evaluate static, dynamic and hybrid approaches in order to draw conclusions about the domains mentioned in the title of the thesis. Consequently, result-oriented conclusions about the characteristics that distinguish the three approaches from each other are to be drawn from the respective publications on basis of qualitative and quantitative evaluation criteria and the knowledge gap in the comparative literature is intended to be filled by the evaluation of hybrid approaches. The aim is to build a high-level understanding of the different methods and to identify differences and commonalities between these approaches based on research literature that presents new approaches within these domains. In particular, strengths, weaknesses and special properties of the three domains are to be determined. The second goal of this thesis is to develop a more comprehensive practical understanding of ML-based malware detection techniques, as exemplified by the practical section. Here, the ML workflow model is used to propose and implement a static malware detector step-by-step using the Python programming language and various ML algorithms. Accordingly the three primary research-questions this thesis aims to address are as follows: 1. Which static, dynamic and hybrid ML based approaches exist both in current and past research and how do they work? 2. How do the underlying methodological domains (static, dynamic and hybrid) com-pare under consideration of multiple quantitative and qualitative evaluation criteria? 3. How can a static malware detection model be implemented hands on in practice using the ML workflow process model as a guideline?