DPS Ruby Park

Topic: Malware Detection

Name: Akash Majumdar

Class: IX Roll Number: 8
Sec: K Term I Project
 OBJECTIVE OF THE PROJECT
Malware is one of the most serious security threats on the Internet
today. Computers that are compromised with malware are often
networked together to form botnets, and many attacks are
launched using these malicious, attacker-controlled networks. In
order to deal with the new malware generated, new techniques to
detect them and prevent any damage caused by them.
To investigate on how to implement machine learning to
malware detection in order to detection
unknown malware. To develop a malware detection
software that implement machine learning
to detect unknown malware. To validate that malware
detection that implement machine
learning will be able to achieve a high accuracy rate with
low false positive rate.
To investigate on how to implement machine learning to
malware detection in order to detection
unknown malware. To develop a malware detection
software that implement machine learning
to detect unknown malware. To validate that malware
detection that implement machine
learning will be able to achieve a high accuracy rate with
low false positive rate.
To investigate on how to implement machine learning to malware
detection in order to detection unknown malware. To develop a
malware detection software that implement machine learning to
detect unknown malware. To validate that malware detection that
implement machine learning will be able to achieve a high accuracy
rate with low false positive rate.

computers that are compromised with malware are often

networked
together to form botnets, and many attacks are
launched using these malicious, attacker-
controlled networks.
In order to deal with the new malware generated, new
techniques to detect them and prevent
any damage caused by them
computers that are compromised with malware are often
networked
together to form botnets, and many attacks are
launched using these malicious, attacker-
controlled networks.
In order to deal with the new malware generated, new
techniques to detect them and prevent
any damage caused by them
computers that are
compromised with malware are
often networked
together to form botnets, and
many attacks are launched
using these malicious,
attacker-
controlled networks.
In order to deal with the new
malware generated, new
techniques to detect them and
prevent
any damage caused by them
 SYSTEM COMPONENTS
Hardware Component Interfaces:
Device: High resolution and sturdy Laptop or Desktop Computers

Processor: core i3 3rd Generation and above

RAM: 6GB as minimum and above

Hard Disk: 100 GB and above

Software Component Interfaces:

Operating System: Microsoft/Linux / Ubuntu

Edition: Windows 10/Windows 11

Language used: Python

Version: 20H2

Platforms: Spyder, Anaconda prompt, PYTHON IDLE (3.11 – 64Bit)

 EXPECTED INPUTS AND
OUTPUTS
The system works and if present detects the known
malware present in the system, some may be as
follows:-

 If a malware is loaded and the processor run, then it will

give the output in the form of the most common
malwares.

 “Malware Detected” should be alarmed if such a virus is

discovered by the code.

 Software scans all attached devices and peripherals to

thwart potential viruses from entering the system
through external sources. And will try to kill the virus
immediately.

 If the Virus is not stoppable, the antivirus will force shut

down the computer before the malware reaches the
files of the device

Malware Detection will sound the emergency alarm if any

of the following common malwares are found in any of
the attached /connected /linked devices.
Some of them are as follows:
 Ransomware: It is a type of malware that is
designed to infect a computer and encrypt important
files on it.

 Viruses: Computer viruses are malware that work

by infecting other programs on a computer

 Trojans: Trojan is a general term for malware

designed to masquerade as something else

 Rootkits: Rootkits are malware that is designed to

be stealthy and snoop on a computer user.

 Fileless: Fileless malware is designed to evade

detection by replacing custom malicious code with
the use of functionality built into the target system.
This makes this type of malware more difficult to
detect because it lacks the standalone file.

 Adware: Adware is malware that is designed to

serve unwanted ads to a computer user.

 Cryptocurrency Malware: It is mining

software is designed to take advantage of the
 fact that some cryptocurrencies pay miners for
solving Proof of Work computational puzzles.

 Botnet: A botnet is a collection of infected

computers that an attacker controls and uses to
perform DDoS, credential stuffing, and other
large-scale automated attacks.

 Info-stealers: This type of malware can collect

a range of different types of information,
including personal details, login credentials,
financial data, or other information.
 MODULES USED
1. Tables
1.1. Users
 user_id (Primary Key)
 username
 email
 password_hash
 first_name
 last_name
 created_at
 updated_at
1.2. Devices
 device_id (Primary Key)
 user_id (Foreign Key)
 device_name
 device_type
 last_scan_date
 last_update_date
1.3. MalwareDefinitions
 definition_id (Primary Key)
 malware_name
 malware_type
 signature
 created_at
 updated_at
1.4. Scans
 scan_id (Primary Key)
 device_id (Foreign Key)
 start_time
 end_time
 status (e.g., scanning, completed, failed)
 threats_detected
 threats_cleaned
 1.5. ScanResults
 result_id (Primary Key)
 scan_id (Foreign Key)
 definition_id (Foreign Key)
 file_path
 result_status (e.g., clean, infected)
 action_taken (e.g., cleaned, quarantined)
1.6. Updates
 update_id (Primary Key)
 device_id (Foreign Key)
 update_date
 updated_components
1.7. Logs
 log_id (Primary Key)
 device_id (Foreign Key)
 log_date
 log_type (e.g., scan, update, error)
 log_details
2. Relationships:
 One-to-Many relationship between Users and
Devices (One user can have multiple devices)
 One-to-Many relationship between Devices and
Scans (One device can have multiple scans)
 One-to-Many relationship between Scans and
ScanResults (One scan can have multiple scan
results)
 One-to-Many relationship between Devices and
Updates (One device can have multiple updates)
 One-to-Many relationship between Devices and
Logs (One device can have multiple logs)
3. Indexes:
 Index on user_id in Users table for faster
retrieval of user-related information.
  Index on device_id in Devices table for faster
retrieval of device-related information.
 Index on definition_id in MalwareDefinitions
table for faster retrieval of malware
definition-related information.
 Index on scan_id in Scans table for faster
retrieval of scan-related information.
 Index on update_id in Updates table for faster
retrieval of update-related information.

SCOPES OF THIS CODE:

 The software kills any virus that might enter a device.

 It blocks harmful viruses from entering through unsafe plug

ports, sockets, connections, unsafe WIFI, and so on.

 Applications contaminated will be force shut down and will

not be opened unless forced by the user to do so.

 It can perform high level math problems and also simple

arithmetic problems.

 It helps in scanning websites without taking too long which

can insert harmful malware in some scenarios.

 When run on pc it can oppose videos and images which can

damage the safety of the computer

 Also on a pc it can help search for virus and apps can be

opened safely.
 Limitations
Problems Faced

Future Scope in Real Life

In addition to that, in a real-world application, the maximum

number of possible families should be used before the launch of
the project for real-world environments. The dataset used in this
study is broad, covering most of the malware types that are
relevant to the modern world, it does not cover all possible
types. Also, it is important to understand that the model will
only be able to predict the samples of the families that it has
seen earlier implying provided that these only serve for the
malwares that have been discovered already, and is not meant
for the unknown kind.
References

https://www.blackhat.com/docs/us-17/thursday/
us-17-Anderson-Bot-Vs-Bot-Evading-Machine-
Learning-Malware-Detection-wp.pdf

https://en.wikipedia.org/wiki/Malware_https://
www.kaggle.com/

https://www.infosecurity-magazine.com/search/#
gsc.tab=0

https://www.kaggle.com/

https://towardsdatascience.com

https://www.checkpoint.com/cyber-hub/threat-
prevention/what-is-malware/the-5-most-common-
types-of-malware/

RAM : 4GB(minimum) and

above
Hard disk : 100 GB (minimum)
and above
2.2 Software Requirements
Operating System: Windows,
Linux – Ubuntu
Platforms: Jupyter, Spyder,
Google Collab, Anaconda
prompt, Virtual Box
Languages: Python
Web browsers: Chrome,
Firefox
Hardware interface