I have an organization and have to assign work regarding malware, as follows:
My proposal is to work on classifying malware using CPU profiles of different types.
The idea would be to identify a fairly large number of features and test them in classifying malware with a different number of applications running.
For example, one could choose six applications, train a classifier for each, and then test its accuracy with different combinations of the six running applications.
A first design choice is then related to features. It would be nice to consider: CPU Time, Active Threads, User, Memory consumption, Energy consumption, Bytes Written, Bytes Read, Memory Area accessed, SysCalls, Sent Bytes, Received Bytes.
A second choice is how to encode these features. Our idea would be to generate feature vectors or embeddings by discretizing some properties of the time series, perhaps through SAX techniques, but also by characterizing the series through entropy or other measures, and to feed the vectors to classification algorithms or transductive learning to distinguish the profiles of different applications. To verify through an experiment how the degree of accuracy evolves as the number of running applications increases, I believe, would already be a very significant contribution.
Create a virtual machine and install six software applications. You have to (1) first run the applications separately to extract their profiles, (2) encode the event log and verify you can classify it with good accuracy, (3) then organize multiple executions where the software is executed in parallel and encode the event log, and (4) verify whether you can still classify the applications.
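The encoding step proposed above (SAX discretization plus an entropy feature), as an added example that is not part of the original post. The alphabet size of 4, the 8 segments, all function names and the sample CPU traces are assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Assumed parameters: alphabet of 4 symbols; these breakpoints split N(0,1)
# into 4 equiprobable regions, as in standard SAX.
BREAKPOINTS = (-0.6745, 0.0, 0.6745)
ALPHABET = "abcd"

def znorm(series):
    """Z-normalise so traces with different absolute load are comparable."""
    mu, sigma = mean(series), pstdev(series)
    if sigma < 1e-12:                      # flat trace: avoid division by zero
        return [0.0] * len(series)
    return [(x - mu) / sigma for x in series]

def paa(series, segments):
    """Piecewise Aggregate Approximation: mean of each of `segments` chunks."""
    n = len(series)
    if segments < 1 or n < segments:
        raise ValueError("need at least one sample per segment")
    return [mean(series[i * n // segments:(i + 1) * n // segments])
            for i in range(segments)]

def sax(series, segments):
    """Map each PAA value to the symbol of the breakpoint region it falls in."""
    return "".join(ALPHABET[sum(v > b for b in BREAKPOINTS)]
                   for v in paa(znorm(series), segments))

def shannon_entropy(word):
    """Entropy (bits) of the symbol distribution in a SAX word."""
    n = len(word)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(word).values())

def feature_vector(series, segments=8):
    """Return (SAX word, [symbol frequencies..., entropy]) for one trace."""
    word = sax(series, segments)
    freqs = [word.count(ch) / len(word) for ch in ALPHABET]
    return word, freqs + [shannon_entropy(word)]

# Constructed CPU-utilisation samples (percent), not measured data.
TRACES = {
    "flat":  [5] * 16,
    "ramp":  list(range(16)),
    "burst": [0] * 4 + [100] * 4 + [0] * 4 + [100] * 4,
}

if __name__ == "__main__":
    for name, trace in TRACES.items():
        print(name, *feature_vector(trace))
```

The same function can be applied to each monitored feature (bytes written, syscalls, and so on) and the resulting vectors concatenated before they are passed to a classifier.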