Journal ArticleDOI
A survey of malware behavior description and analysis
TL;DR: This paper conducts a survey on malware behavior description and analysis considering three aspects: malware behavior description, behavior analysis methods, and visualization techniques.
Abstract:
Behavior-based malware analysis is an important technique for automatically analyzing and detecting malware, and it has received considerable attention from both academic and industrial communities. By considering how malware behaves, we can tackle the malware obfuscation problem, which cannot be processed by traditional static analysis approaches, and we can also derive the as-built behavior specifications and cover the entire behavior space of the malware samples. Although there have been several works focusing on malware behavior analysis, such research is far from mature, and no overviews have been put forward to date to investigate current developments and challenges. In this paper, we conduct a survey on malware behavior description and analysis considering three aspects: malware behavior description, behavior analysis methods, and visualization techniques. First, existing behavior data types and emerging techniques for malware behavior description are explored, especially the goals, principles, characteristics, and classifications of behavior analysis techniques proposed in the existing approaches. Second, the inadequacies and challenges in malware behavior analysis are summarized from different perspectives. Finally, several possible directions are discussed for future research.
Citations
Journal ArticleDOI
Dynamic Analysis for IoT Malware Detection With Convolution Neural Network Model
TL;DR: A dynamic analysis for IoT malware detection (DAIMD) is proposed to reduce damage to IoT devices by detecting both well-known IoT malware and new and variant IoT malware evolved intelligently.
Journal ArticleDOI
Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection
Luca Caviglione, Michal Choras, Igino Corona, Artur Janicki, Wojciech Mazurczyk, Marek Pawlicki, Katarzyna Wasielewska et al.
TL;DR: A detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade, is presented in this article.
Journal ArticleDOI
Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection
TL;DR: Two novel techniques, incremental bagging (iBagging) and enhanced semi-random subspace selection (ESRS), are proposed and incorporated into an ensemble-based detection model, which achieved higher detection accuracy than existing solutions.
Journal ArticleDOI
A Pseudo Feedback-Based Annotated TF-IDF Technique for Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation and Features Extraction
Bander Ali Saleh Al-rimy, Mohd Aiziani Maarof, Mamoun Alazab, Fawaz Alsolami, Syed Zainudeen Mohd Shaid, Fuad A. Ghaleb, Tawfik Al-Hadhrami, Abdullah Marish Ali et al.
TL;DR: A Dynamic Pre-encryption Boundary Delineation and Feature Extraction (DPBD-FE) scheme is proposed that determines the boundary of the pre-encryption phase, from which the features are extracted and selected more accurately compared to related works.
Book ChapterDOI
Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods
TL;DR: The main objective is to find more discriminative dynamic features for detecting malware executables; different dynamic features are analyzed with common malware detection approaches, and several dynamic feature-based malware detection and classification approaches are evaluated.
References
Journal ArticleDOI
Enhancing the detection of metamorphic malware using call graphs
TL;DR: The graph matching algorithm is based on an enhanced graph edit distance algorithm that reduces computational complexity by using a greedy approach to select the best common subgraphs from the integrated API call graph with high similarity, which helps in detecting metamorphic malware.
Proceedings ArticleDOI
An empirical study of malware evolution
TL;DR: A novel graph pruning technique is developed to establish the inheritance relationships between different instances of malcode based on temporal information and key common phrases identified in the malcode descriptions.
Journal ArticleDOI
Malware target recognition via static heuristics
Thomas E. Dube, Richard A. Raines, Gilbert L. Peterson, Kenneth W. Bauer, Michael R. Grimaila, Steven K. Rogers et al.
TL;DR: Test results show MaTR's superior detection rate (99%) versus the union of detections from three commercial antivirus products (60%) and the resulting model is a fine granularity sensor with potential to dramatically augment cyberspace situation awareness.
Proceedings ArticleDOI
Machine Learning Based Hybrid Behavior Models for Android Malware Analysis
Hsin-Yu Chuang, Sheng-De Wang et al.
TL;DR: A hybrid-model classifier is built that can label 79.4% of applications with no false positives or false negatives occurring in the labeling process, and the ability to detect unknown malware can be improved.
Book ChapterDOI
Behavior abstraction in malware analysis
TL;DR: An approach for proactive malware detection that works by abstraction of program behaviors, which consists of abstracting program traces by rewriting given subtraces into abstract symbols representing their functionality.