Journal ArticleDOI
A survey of malware behavior description and analysis
TLDR
This paper conducts a survey on malware behavior description and analysis considering three aspects: malware behavior described, behavior analysis methods, and visualization techniques.Abstract:
Behavior-based malware analysis is an important technique for automatically analyzing and detecting malware, and it has received considerable attention from both academic and industrial communities. By considering how malware behaves, we can tackle the malware obfuscation problem, which cannot be processed by traditional static analysis approaches, and we can also derive the as-built behavior specifications and cover the entire behavior space of the malware samples. Although there have been several works focusing on malware behavior analysis, such research is far from mature, and no overviews have been put forward to date to investigate current developments and challenges. In this paper, we conduct a survey on malware behavior description and analysis considering three aspects: malware behavior description, behavior analysis methods, and visualization techniques. First, existing behavior data types and emerging techniques for malware behavior description are explored, especially the goals, principles, characteristics, and classifications of behavior analysis techniques proposed in the existing approaches. Second, the inadequacies and challenges in malware behavior analysis are summarized from different perspectives. Finally, several possible directions are discussed for future research.read more
Citations
More filters
Journal ArticleDOI
Dynamic Analysis for IoT Malware Detection With Convolution Neural Network Model
TL;DR: A dynamic analysis for IoT malware detection (DAIMD) is proposed to reduce damage to IoT devices by detecting both well-known IoT malware and new and variant IoT malware evolved intelligently.
Journal ArticleDOI
Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection
Luca Caviglione,Michal Choras,Igino Corona,Artur Janicki,Wojciech Mazurczyk,Marek Pawlicki,Katarzyna Wasielewska +6 more
TL;DR: A detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade, is presented in this article.
Journal ArticleDOI
Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection
TL;DR: Two novel techniques; incremental bagging (iBagging) and enhanced semi-random subspace selection (ESRS) are proposed and incorporates them into an ensemble-based detection model and achieved higher detection accuracy than existing solutions.
Journal ArticleDOI
A Pseudo Feedback-Based Annotated TF-IDF Technique for Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation and Features Extraction
Bander Ali Saleh Al-rimy,Mohd Aiziani Maarof,Mamoun Alazab,Fawaz Alsolami,Syed Zainudeen Mohd Shaid,Fuad A. Ghaleb,Tawfik Al-Hadhrami,Abdullah Marish Ali +7 more
TL;DR: A Dynamic Pre-encryption Boundary Delineation and Feature Extraction (DPBD-FE) scheme that determines the boundary of the pre-enc encryption phase, from which the features are extracted and selected more accurately compared to related works is proposed.
Book ChapterDOI
Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods
TL;DR: The main objective is to find more discriminative dynamic features to detect malware executables by analyzing different dynamic features with common malware detection approaches by evaluating some dynamic feature-based malware detection and classification approaches.
References
More filters
Proceedings ArticleDOI
Visual analysis of malware behavior using treemaps and thread graphs
TL;DR: In this article, the authors use a parametrized abstraction of detailed behavioral reports automatically generated by sandbox environments and explore two visualization techniques: treemaps and thread graphs to support human analysts in detecting maliciousness of software and classifying malicious behavior.
Book ChapterDOI
Countering Persistent Kernel Rootkits through Systematic Hook Discovery
TL;DR: This paper has built a proof-of-concept system called HookMap and evaluated it with a number of Linux utility programs such as ls, ps, and netstatin RedHat Fedora Core 5, finding that there exist 35 kernel hooks in the kernel-side execution path of lsthat can be potentially hijacked for manipulation.
Journal ArticleDOI
Profiling and classifying the behavior of malicious codes
TL;DR: In this article, the authors proposed a framework to extract features statically and dynamically from malware that reflect the behavior of its code such as the Windows Application Programming Interface (API) calls.
Journal ArticleDOI
The rise of malware
TL;DR: The number of papers published by Asian countries such as China, Korea, India, Singapore and Malaysia in relation to the Middle East and North America is discussed and there are several significant impacts of research activities in Asia, in comparison to other continents.
Journal ArticleDOI
Deriving common malware behavior through graph clustering
TL;DR: A method to construct a common behavioral graph representing the execution behavior of a family of malware instances, which has a common path, called HotPath, which is observed in all the malware instances in the same family.