The widespread diffusion of malware and ransomware, together with the rapid mutation of the same threats into many variants (polymorphic and metamorphic malware), has made obsolete the traditional detection approaches on which most common antivirus software is based: signature matching and hashing of executable image files.
It is therefore increasingly necessary to turn to machine learning (ML) solutions that allow rapid screening (triage) of threats, so that scarce resources such as a malware analyst's skills and time are not wasted on samples that can be classified automatically.
This chapter will cover the following topics:
- Introducing the malware analysis methodology
- How to tell different malware families apart
- Decision tree malware detectors
- Detecting metamorphic malware with Hidden Markov Models (HMMs)
- Advanced malware detection with deep learning