Q1 Static vs. Dynamic Analysis
10 Points
(i) Provide three major differences between static analysis and dynamic analysis of malware.
(ii) When we extract static features using various tools, we may get a large number of features per binary. Not all of these features are useful for classifying malware. How do we decide which features are important?

Q2 Mass vs. Targeted Malware
10 Points
(i) What is the difference between mass malware and targeted malware?
(ii) Suppose you are given a malware sample and all the tools needed to extract its various features, including dynamic behavioral features. What features would you look for to determine whether it is mass malware or targeted malware?

Q3 Malware Analysis
10 Points
(i) Suppose you are allowed to carry out only static analysis on a malware sample. Can you find out whether the malware connects to a command and control server, and the IP addresses of the command and control servers it connects to?
(ii) What role do tools like ApateDNS or INetSim play in the dynamic analysis of malware?
11:04 AM Submit CS973-HW5 | Gradescope
Q4 Malware Analysis II
10 Points
(i) Under what conditions can a binary not be properly analyzed with static analysis tools? What do you do with such binaries?
(ii) For dynamic analysis, we execute the malware in a sandbox, also called a detonator. Under what conditions can a malware binary not be analyzed in a sandbox?
Q5 Malware Analysis III
10 Points
Based on what you know so far about perceptron learning, Adaline learning, logistic regression, SVM, decision tree, random forest, etc., which machine learning model is likely to give the best accuracy in your opinion, and why?
(Note that the answer is not unique, but your reasoning in favor of your chosen algorithm must be properly justified to obtain credit for this question.)