• malware detection
• machine learning

In the post-industrial society of Information and Knowledge, ICT technologies transform traditional processes into what is generically called the "digital impact". The devices connected to the network multiply and with them the motivations producing the newest external threats increase. The world of attackers has radically changed, becoming an increasingly organized and sustained environment in new forms. At the same time this change of scenario has modified the offensive techniques, giving space to new problems, such as targeted attacks and Advanced Persistent Threat. The security in distributed systems therefore depends on the evolution of defense paradigms: modern technologies go towards the integration of systems acting at various levels and reflecting the stratification of new types of attack. According to annual reports on cybersecurity, malware (malicious software) remains the main threat to be reckoned with. The so-called malware 2.0 integrate different new functions in the various phases of the attack: the prevention and detection of such malicious codes is therefore fundamental in countering modern cyber attacks. To perform an effective action in malware detection, it is essential to find within the malicious codes some indicators which automatically drive defense systems. This task can be accomplished by modules of machine learning, which, after their training and past experiences, recognize the attempts to compromise the system. From this point of view, a useful tool to study is the behavioral point of view of the code. The present thesis wants to validate an approach based on machine learning applied to dynamic behavioral analysis (considering attack actions in a controlled environment), through selecting some distinctive attributes found within malware.