The project aims to create an anti-malware mechanism that detects whether a Portable Executable (PE) file is malicious and, if so, classifies the malware type. For that purpose, a set of malware classifiers trained with various machine learning techniques is used. Static and dynamic analysis are performed to extract features from the executable's structure and from its runtime activity. Different malware classifiers run on different servers for different context-dependent purposes; those contexts depend on how quickly a result is needed and on the extent of the scan, namely the number and size of the files. Logs of the scanning history are presented in the client.
The system can analyse suspect files dynamically by running them in a virtual machine managed by a Cuckoo server, carry out static analysis, and perform image recognition on byte maps of the files.
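To make the static-analysis and byte-map steps concrete, here is an added example (not code from the project described above) that pulls a few header features out of a PE buffer and reshapes its raw bytes into a greyscale byte map. The row-width table is an assumption taken from the usual malware-image convention, and `build_sample_pe` constructs a stub header purely for offline testing.

```python
import math
import struct

# Width table (bytes per row) by file size, as commonly used in the
# malware-images literature; assumption for this example.
_WIDTHS = [(10, 32), (30, 64), (60, 128), (100, 256),
           (200, 384), (500, 512), (1000, 768)]

def image_width(size: int) -> int:
    """Pick a row width from the file size so the byte map stays compact."""
    kb = size / 1024
    for limit_kb, width in _WIDTHS:
        if kb < limit_kb:
            return width
    return 1024

def byte_map(data: bytes, width: int = 0) -> list[list[int]]:
    """One pixel per byte (0-255); the last row is zero-padded to full width."""
    width = width or image_width(len(data))
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    if rows and len(rows[-1]) < width:
        rows[-1] += [0] * (width - len(rows[-1]))
    return rows

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data sits near 8."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_static_features(data: bytes) -> dict:
    """Minimal static features from the DOS and COFF headers; ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    return {"size": len(data), "machine": machine,
            "sections": nsections, "entropy": byte_entropy(data)}

def build_sample_pe() -> bytes:
    """Constructed 88-byte MZ/PE header stub for testing; not a real binary."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                        # e_lfanew -> "PE\0\0"
    hdr += b"PE\0\0" + struct.pack("<HH", 0x14C, 3) + bytes(16)    # COFF: i386, 3 sections
    return bytes(hdr)
```

`byte_map` returns a list of rows that can be handed to an image classifier as a 2-D array; `pe_static_features` is the shape of the cheap header-level features a static classifier would consume.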
The system responds much faster than its open-source competitors. It delivers the responsiveness of machine-learning-based scanning methods as compared with signature-based methods. It also lets the user choose how much performance to sacrifice, offering the opportunity to reach very high accuracy with lower false-positive rates than its open-source competitors.