Industrial Consultancy & Sponsored Research (IC&SR) , IIT Madras

System and Method for Malware Detection by Cross-Dimensional behavioural Analysis

Technology Category/Market

Computer Sciences & IT –Machine Learning, Cyber Security

Applications – BFSI, Aerospace, Defense and Healthcare

Market – The global malware analysis market is growing at a CAGR of 28.5% from 2019-26 & projected to reach $24 M by 2026.

Targeted Industries

Watermarking IP design,

Electronic circuits


Problem Statement

  • There is a need for cross-dimensional analysis of malware behavior, since different types of malware have different effects on the network, OS and hardware components of a system.
  • Existing solutions employ either software-based or hardware-based detection, and so do not obtain the synergistic benefit of combining both.
  • At present, malware detection products apply a one-size-fits-all approach to identifying malware, whereas malware classes differ and require specialized handling of each class.

Technology

SYSTEM: The system comprises

  1. Client device, which may include smartphones, laptops and traditional workstations.
  2. A middle box server (or the device may also function as a server).
  3. Gateway (implemented through internet protocol) to connect to the Internet.

The data from the client devices is collected in the following ways:

  • The network data is collected by the modules comprising the gateway. Modules that typically form part of the network, such as a network protocol analyzer, collect this data from the network.
  • The OS data is collected with the help of data profilers running in the background.
  • The hardware data is collected with the help of Performance Measurement Units (PMU), which are already part of the drivers installed along with the system (Diagrammatic representation in Fig. 4).

METHOD: The method comprises the following steps:

  1. The program is executed and data collection is initiated.

  2. The collected data is sent to the malware detection models (labelled P1, P2, ..., Pn).

  3. The predictions from the individual models are fed into a model aggregator, whose output is then shared with a component aggregator.

  4. The component aggregator makes the final prediction of program maliciousness, with sub-classification of the malware species.
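The two-tier aggregation described in steps 2-4, as an added example and not code from IIT Madras or the patent. The page does not specify the aggregator functions, so per-component probability averaging (model aggregator) and weighted averaging with an argmax over classes (component aggregator) are assumptions, as are the class names and the constructed per-model outputs.

```python
"""Two-tier aggregation sketch: models P1..Pn -> model aggregator (per component)
-> component aggregator (network + OS + hardware) -> verdict and species."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed malware classes; the page only says "sub classification of malware species".
CLASSES = ["benign", "ransomware", "cryptominer", "spyware"]


@dataclass
class Prediction:
    component: str            # "network", "os" or "hardware"
    probs: Dict[str, float]   # class -> probability emitted by one model (P1..Pn)


def model_aggregator(preds: List[Prediction]) -> Dict[str, float]:
    """Average the class probabilities of all models that watch one component (assumed rule)."""
    if not preds:
        raise ValueError("model aggregator needs at least one model prediction")
    return {c: sum(p.probs.get(c, 0.0) for p in preds) / len(preds) for c in CLASSES}


def component_aggregator(per_component: Dict[str, Dict[str, float]],
                         weights: Optional[Dict[str, float]] = None) -> dict:
    """Weighted average across components, then argmax for the species (assumed rule)."""
    weights = weights or {k: 1.0 for k in per_component}
    total = sum(weights[k] for k in per_component)
    combined = {c: sum(weights[k] * per_component[k][c] for k in per_component) / total
                for c in CLASSES}
    species = max(combined, key=combined.get)
    return {"malicious": species != "benign", "species": species, "scores": combined}


def detect(predictions: List[Prediction], weights: Optional[Dict[str, float]] = None) -> dict:
    """Group model outputs by component, aggregate per component, then across components."""
    grouped: Dict[str, List[Prediction]] = {}
    for p in predictions:
        grouped.setdefault(p.component, []).append(p)
    per_component = {k: model_aggregator(v) for k, v in grouped.items()}
    return component_aggregator(per_component, weights)


# Constructed sample run: two network models, one OS profiler model, one PMU model.
SAMPLE = [
    Prediction("network", {"benign": 0.1, "ransomware": 0.2, "cryptominer": 0.1, "spyware": 0.6}),
    Prediction("network", {"benign": 0.2, "ransomware": 0.1, "cryptominer": 0.1, "spyware": 0.6}),
    Prediction("os", {"benign": 0.3, "ransomware": 0.1, "cryptominer": 0.1, "spyware": 0.5}),
    Prediction("hardware", {"benign": 0.4, "ransomware": 0.1, "cryptominer": 0.3, "spyware": 0.2}),
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Note that the hardware model alone would have leaned benign; the cross-component combination is what yields the spyware verdict here.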

Key Features/Value Proposition

  • This technology is novel due to the integrated analysis of network, hardware and OS components.
  • The usage of model and component aggregators helps achieve an F1-Score of 1 for most classes.
  • Specialized predictors and aggregator functions give better detection and user response (10% higher accuracy and 89% lower false positives than prior solutions).
  • The holistic analysis increases resilience to system noise.

Research Lab

Prof. Kamakoti Veezhinathan

Dept. of Computer Science & Engineering

Prof. Chester Dominic Rebeiro

Department of Aerospace Engineering

Intellectual Property

  • IITM IDF Ref. 2305
  • IN 202241007976
  • PCT/IN2023/050086

Technology Readiness Level

TRL – 4

Technology is at a Proof of Concept (PoC) stage, and early-stage validation has been done at laboratory scale.
