Journal ArticleDOI
A survey of malware behavior description and analysis
TLDR
This paper conducts a survey on malware behavior description and analysis considering three aspects: malware behavior described, behavior analysis methods, and visualization techniques.Abstract:
Behavior-based malware analysis is an important technique for automatically analyzing and detecting malware, and it has received considerable attention from both academic and industrial communities. By considering how malware behaves, we can tackle the malware obfuscation problem, which cannot be processed by traditional static analysis approaches, and we can also derive the as-built behavior specifications and cover the entire behavior space of the malware samples. Although there have been several works focusing on malware behavior analysis, such research is far from mature, and no overviews have been put forward to date to investigate current developments and challenges. In this paper, we conduct a survey on malware behavior description and analysis considering three aspects: malware behavior description, behavior analysis methods, and visualization techniques. First, existing behavior data types and emerging techniques for malware behavior description are explored, especially the goals, principles, characteristics, and classifications of behavior analysis techniques proposed in the existing approaches. Second, the inadequacies and challenges in malware behavior analysis are summarized from different perspectives. Finally, several possible directions are discussed for future research.read more
Citations
More filters
Journal ArticleDOI
Dynamic Analysis for IoT Malware Detection With Convolution Neural Network Model
TL;DR: A dynamic analysis for IoT malware detection (DAIMD) is proposed to reduce damage to IoT devices by detecting both well-known IoT malware and new and variant IoT malware evolved intelligently.
Journal ArticleDOI
Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection
Luca Caviglione,Michal Choras,Igino Corona,Artur Janicki,Wojciech Mazurczyk,Marek Pawlicki,Katarzyna Wasielewska +6 more
TL;DR: A detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade, is presented in this article.
Journal ArticleDOI
Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection
TL;DR: Two novel techniques; incremental bagging (iBagging) and enhanced semi-random subspace selection (ESRS) are proposed and incorporates them into an ensemble-based detection model and achieved higher detection accuracy than existing solutions.
Journal ArticleDOI
A Pseudo Feedback-Based Annotated TF-IDF Technique for Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation and Features Extraction
Bander Ali Saleh Al-rimy,Mohd Aiziani Maarof,Mamoun Alazab,Fawaz Alsolami,Syed Zainudeen Mohd Shaid,Fuad A. Ghaleb,Tawfik Al-Hadhrami,Abdullah Marish Ali +7 more
TL;DR: A Dynamic Pre-encryption Boundary Delineation and Feature Extraction (DPBD-FE) scheme that determines the boundary of the pre-enc encryption phase, from which the features are extracted and selected more accurately compared to related works is proposed.
Book ChapterDOI
Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods
TL;DR: The main objective is to find more discriminative dynamic features to detect malware executables by analyzing different dynamic features with common malware detection approaches by evaluating some dynamic feature-based malware detection and classification approaches.
References
More filters
Proceedings ArticleDOI
Malware Virtualization-Resistant Behavior Detection
TL;DR: This paper collects behavioral information from malware and uses an enhanced behavior distance algorithm to calculate the difference between real and virtual environments to distinguish if the malware has Anti-VM capability.
Journal ArticleDOI
Growing Grapes in Your Computer to Defend Against Malware
Zhiyong Shan,Xin Wang +1 more
TL;DR: This paper proposes a novel behavior-based detection method, named growing grapes, aiming to enable accurate online detection, consisting of a clustering engine and detection engine that can detect new malware samples with higher detection rate and lower false positive rate while imposing low overhead on the system.
Journal ArticleDOI
Automatic malware mutant detection and group classification based on the n-gram and clustering coefficient
TL;DR: This paper presents technology that automatically detects the n-gram and clustering coefficient-based malware mutants and that automatically groups the different types of malware.
Book ChapterDOI
A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features
Mohamed Belaoued,Smaine Mazouzi +1 more
TL;DR: This paper presents a real-time PE (Portable Executable) malware detection system, which is based on the analysis of the information stored in the PE-Optional Header fields (PEF), using a combination of the Chi-square (KHI2) score and the Phi (ϕ) coefficient as feature selection method.
Proceedings ArticleDOI
ACTRA: A Case Study for Threat Information Sharing
TL;DR: This paper provides a case study for information sharing within a public/private not-for-profit partnership organization called ACTRA -- Arizona Cyber Threat Response Alliance, Inc.