Journal ArticleDOI

A survey of malware behavior description and analysis

TLDR
This paper conducts a survey on malware behavior description and analysis considering three aspects: malware behavior described, behavior analysis methods, and visualization techniques.
Abstract
Behavior-based malware analysis is an important technique for automatically analyzing and detecting malware, and it has received considerable attention from both academic and industrial communities. By considering how malware behaves, we can tackle the malware obfuscation problem, which cannot be processed by traditional static analysis approaches, and we can also derive the as-built behavior specifications and cover the entire behavior space of the malware samples. Although there have been several works focusing on malware behavior analysis, such research is far from mature, and no overviews have been put forward to date to investigate current developments and challenges. In this paper, we conduct a survey on malware behavior description and analysis considering three aspects: malware behavior description, behavior analysis methods, and visualization techniques. First, existing behavior data types and emerging techniques for malware behavior description are explored, especially the goals, principles, characteristics, and classifications of behavior analysis techniques proposed in the existing approaches. Second, the inadequacies and challenges in malware behavior analysis are summarized from different perspectives. Finally, several possible directions are discussed for future research.


Citations
Journal ArticleDOI

Dynamic Analysis for IoT Malware Detection With Convolution Neural Network Model

TL;DR: A dynamic analysis for IoT malware detection (DAIMD) is proposed to reduce damage to IoT devices by detecting both well-known IoT malware and new and variant IoT malware evolved intelligently.
Journal ArticleDOI

Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

TL;DR: A detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade, is presented in this article.
Journal ArticleDOI

Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection

TL;DR: Two novel techniques, incremental bagging (iBagging) and enhanced semi-random subspace selection (ESRS), are proposed and incorporated into an ensemble-based detection model, which achieved higher detection accuracy than existing solutions.
Journal ArticleDOI

A Pseudo Feedback-Based Annotated TF-IDF Technique for Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation and Features Extraction

TL;DR: A Dynamic Pre-encryption Boundary Delineation and Feature Extraction (DPBD-FE) scheme is proposed that determines the boundary of the pre-encryption phase, from which the features are extracted and selected more accurately than in related works.
Book ChapterDOI

Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods

TL;DR: The main objective is to find more discriminative dynamic features for detecting malware executables, by analyzing different dynamic features with common malware detection approaches and evaluating several dynamic feature-based malware detection and classification approaches.
References
Proceedings Article

K-Tracer: A System for Extracting Kernel Malware Behavior.

TL;DR: This paper has built a system called K-Tracer that can dynamically analyze Windows kernel-level code and extract malicious behaviors from rootkits, including sensitive data access, modification and triggers, and overcomes several challenges of analyzing the Windows Kernel.
Proceedings ArticleDOI

MalGene: Automatic Extraction of Malware Analysis Evasion Signature

TL;DR: MalGene is presented, an automated technique for extracting analysis evasion signatures that leverages algorithms borrowed from bioinformatics to automatically locate evasive behavior in system call sequences and constructs a succinct evasion signature, which can be used by an analyst to quickly understand evasions.
Proceedings ArticleDOI

Multi-aspect profiling of kernel rootkit behavior

TL;DR: PoKeR is presented, a kernel rootkit profiler capable of producing multi-aspect rootkit profiles which include the revelation of rootkit hooking behavior, the exposure of targeted kernel objects (both static and dynamic), assessment of user-level impacts, as well as the extraction of kernel rootkit code.
Posted Content

Profiling and Classifying the Behavior of Malicious Codes

TL;DR: Experimental analysis results show that the proposed method is effective in identifying known malware variants, and also classifies malware with high accuracy and low false alarm rates, indicating that classification is a viable approach for similarity detection to help detect malware.
Journal ArticleDOI

Control Flow-Based Malware Variant Detection

TL;DR: This research proposes a similarity search of malware to detect these variants using novel distance metrics, based on the distance between feature vectors of string-based signatures, and implements the distance metrics in a complete malware variant detection system.