DYNAMIC ANALYSIS OF MALWARE USING ARTIFICIAL NEURAL NETWORKS WITH MACHINE LEARNING
DOI: https://doi.org/10.64751/
Abstract
Sophisticated malware strains—including ransomware, polymorphic viruses, and advanced persistent threats—continue to outpace conventional signature-driven defenses, demanding a fundamentally more adaptive detection paradigm. This paper introduces a multi-layered malware classification framework that couples dynamic behavioral analysis with an Artificial Neural Network (ANN) classifier and two corroborating detection channels: YARA rule-based pattern matching and crowd-sourced threat intelligence obtained through the VirusTotal API. During controlled sandbox execution, a 28-dimensional feature vector is assembled from file entropy, Win32 API call distributions, portable executable (PE) header attributes, and network-activity indicators. The ANN—a three-layer feed-forward network trained with binary cross-entropy loss and Adam optimization—produces a probabilistic malice score that is subsequently fused with normalized YARA and VirusTotal signals under a weighted risk-scoring formula (ANN 40%, YARA 30%, VirusTotal 30%). Evaluated on a balanced corpus of 12,000 PE executables, the unified system achieves 96.4% detection accuracy, 96.9% precision, and 95.8% recall, surpassing standalone ANN, Random Forest, SVM, and signature baselines by margins of 2.6–18.1 percentage points. End-to-end sample latency averages 4.2 seconds, confirming near-real-time viability. The system is deployed as a Flask web application exposing file-upload, feature-entry, and hash-lookup analysis modes, providing analysts with interpretable, actionable verdicts across diverse operational contexts.
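The weighted risk-scoring step described in the abstract, as an added Python example that is not the paper's code. Only the 40/30/30 weights come from the abstract; the two normalization rules, the redistribution of a missing VirusTotal weight, and all function names and sample values are assumptions made for illustration.

```python
# Weights stated in the abstract: ANN 40%, YARA 30%, VirusTotal 30%.
WEIGHTS = {"ann": 0.40, "yara": 0.30, "vt": 0.30}

def normalize_yara(rule_hits, cap=3):
    """Assumed normalization: matched-rule count saturates at `cap`."""
    return min(max(rule_hits, 0), cap) / cap

def normalize_vt(report):
    """Assumed normalization: share of engines flagging the file.
    `report` is (positives, total), or None when the hash is unknown."""
    if report is None or report[1] == 0:
        return None
    return report[0] / report[1]

def fused_risk(ann_prob, yara_score, vt_score):
    """Weighted fusion of the three channels, each in [0, 1].
    A missing channel (None) has its weight redistributed over the
    others, so an unknown hash is not silently scored as clean."""
    signals = {"ann": ann_prob, "yara": yara_score, "vt": vt_score}
    present = {k: v for k, v in signals.items() if v is not None}
    if "ann" not in present:
        raise ValueError("ANN probability is required")
    for name, value in present.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} score {value!r} outside [0, 1]")
    weight_sum = sum(WEIGHTS[k] for k in present)
    return sum(WEIGHTS[k] * v for k, v in present.items()) / weight_sum

def score_sample(ann_prob, yara_hits, vt_report):
    """Normalize the raw YARA and VirusTotal results, then fuse."""
    return fused_risk(ann_prob, normalize_yara(yara_hits),
                      normalize_vt(vt_report))

# Constructed sample inputs: (name, ANN probability, YARA hits, VT report).
SAMPLES = [
    ("packed_dropper.exe", 0.93, 2, (41, 70)),
    ("unknown_hash.exe", 0.88, 1, None),       # no VirusTotal report
    ("signed_installer.exe", 0.07, 0, (0, 72)),
]

if __name__ == "__main__":
    for name, ann, hits, report in SAMPLES:
        print(f"{name:22s} risk={score_sample(ann, hits, report):.3f}")
```

Without the redistribution, the second sample would score 0.452 instead of 0.646 purely because its hash had never been submitted, which is the case an analyst most needs flagged.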
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.






