Journal ArticleDOI
A survey of malware behavior description and analysis
TLDR
This paper conducts a survey on malware behavior description and analysis considering three aspects: malware behavior described, behavior analysis methods, and visualization techniques.Abstract:
Behavior-based malware analysis is an important technique for automatically analyzing and detecting malware, and it has received considerable attention from both academic and industrial communities. By considering how malware behaves, we can tackle the malware obfuscation problem, which cannot be processed by traditional static analysis approaches, and we can also derive the as-built behavior specifications and cover the entire behavior space of the malware samples. Although there have been several works focusing on malware behavior analysis, such research is far from mature, and no overviews have been put forward to date to investigate current developments and challenges. In this paper, we conduct a survey on malware behavior description and analysis considering three aspects: malware behavior description, behavior analysis methods, and visualization techniques. First, existing behavior data types and emerging techniques for malware behavior description are explored, especially the goals, principles, characteristics, and classifications of behavior analysis techniques proposed in the existing approaches. Second, the inadequacies and challenges in malware behavior analysis are summarized from different perspectives. Finally, several possible directions are discussed for future research.read more
Citations
More filters
Journal ArticleDOI
Dynamic Analysis for IoT Malware Detection With Convolution Neural Network Model
TL;DR: A dynamic analysis for IoT malware detection (DAIMD) is proposed to reduce damage to IoT devices by detecting both well-known IoT malware and new and variant IoT malware evolved intelligently.
Journal ArticleDOI
Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection
Luca Caviglione,Michal Choras,Igino Corona,Artur Janicki,Wojciech Mazurczyk,Marek Pawlicki,Katarzyna Wasielewska +6 more
TL;DR: A detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade, is presented in this article.
Journal ArticleDOI
Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection
TL;DR: Two novel techniques; incremental bagging (iBagging) and enhanced semi-random subspace selection (ESRS) are proposed and incorporates them into an ensemble-based detection model and achieved higher detection accuracy than existing solutions.
Journal ArticleDOI
A Pseudo Feedback-Based Annotated TF-IDF Technique for Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation and Features Extraction
Bander Ali Saleh Al-rimy,Mohd Aiziani Maarof,Mamoun Alazab,Fawaz Alsolami,Syed Zainudeen Mohd Shaid,Fuad A. Ghaleb,Tawfik Al-Hadhrami,Abdullah Marish Ali +7 more
TL;DR: A Dynamic Pre-encryption Boundary Delineation and Feature Extraction (DPBD-FE) scheme that determines the boundary of the pre-enc encryption phase, from which the features are extracted and selected more accurately compared to related works is proposed.
Book ChapterDOI
Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods
TL;DR: The main objective is to find more discriminative dynamic features to detect malware executables by analyzing different dynamic features with common malware detection approaches by evaluating some dynamic feature-based malware detection and classification approaches.
References
More filters
Book ChapterDOI
Detecting environment-sensitive malware
TL;DR: Novel techniques for detecting malware samples that exhibit semantically different behavior across different analysis sandboxes are proposed, compatible with any monitoring technology that can be used for dynamic analysis, and completely agnostic to the way that malware achieves evasion.
Journal ArticleDOI
A comparison of static, dynamic, and hybrid analysis for malware detection
TL;DR: This research trains Hidden Markov Models (HMMs) on both static and dynamic feature sets and compares the resulting detection rates over a substantial number of malware families, finding a fully dynamic approach generally yields the best detection rates.
Proceedings ArticleDOI
Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications.
TL;DR: This paper developed a static analysis tool to automatically detect attempts to load external code using static analysis techniques, and performed a large-scale study of popular applications from the Google Play store, showing that loading external code in an insecure way is a problem in as much as 9.25% of those applications and even 16% of the top 50 free applications.
Proceedings Article
Behavior-based spyware detection
TL;DR: A novel technique for spyware detection that is based on the characterization of spywarelike behavior is presented, which shows that it is possible to reliably identify malicious components using an abstract behavioral characterization.
Proceedings Article
UNVEIL: a large-scale, automated approach to detecting ransomware
TL;DR: The evaluation shows that UNVEIL significantly improves the state of the art, and is able to identify previously unknown evasive ransomware that was not detected by the antimalware industry.