AHMDS: Advanced Hybrid Malware Detector System

Malware development has become a serious activity lately. Furthermore, the purpose of malware development is getting worse as time goes by. Today, malware has been used as weapon, known as " Cyberweapon". Malware detector system is the frontline in war against malware. However, traditional malware detection systems that mainly use signature-based detection and API Call analysis are susceptible by obfuscations used by malwares. In this paper, we presented the design, implementation, and evaluation of AHMDS: Advanced Hybrid Malware Detector System -a hybrid malware detection system that uses behavioral malware detection technique and signature-based detection technique. AHMDS uses a virtual environment which runs above the operating system, making it safe to execute and analyze malware's behavior. To increase performance, AHMDS also uses signature-based detection that based on known malwares. AHMDS also uses whitelist filtering mechanism to decrease false positive rate. Evaluation on Microsoft Windows AHMDS Implementation shows that AHMDS is able to detect more than 99% of malware samples or 15.89% more than current market leading antivirus. In addition, AHMDS also detected ' special designed malware' that the other antivirus did not.