Book chapter
Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods
Arzu Gorgulu Kakisim, Mert Nar, Necmettin Carkaci, Ibrahim Sogukpinar, and 3 more authors
pp. 247-258
TL;DR: The main objective is to find more discriminative dynamic features for detecting malware executables by analyzing different dynamic features with common malware detection approaches, and to evaluate some dynamic feature-based malware detection and classification approaches.

Abstract: As the threat of malware to information systems increases, researchers strive to find alternative malware detection methods based on static, dynamic and hybrid analysis. Because obfuscation techniques bypass static analysis, dynamic methods are more useful for detecting malware. Therefore, most research focuses on dynamic behavior analysis of malicious software. In this work, our main objective is to find more discriminative dynamic features to detect malware executables by analyzing different dynamic features with common malware detection approaches. Moreover, we separately analyze different features obtained in dynamic analysis, such as API calls, system library usage and operations, to observe the contributions of these features to malware detection and classification success. For this purpose, we evaluate the performance of some dynamic feature-based malware detection and classification approaches using four data sets that contain real and synthetic malware executables.
Citations

Proceedings article: Malware Detection on Highly Imbalanced Data through Sequence Modeling
TL;DR: It is shown that analyzing a sequence of the activities is informative for detecting malware, but that analyzing longer sequences does not necessarily lead to a more accurate model.

Journal article: SMASH: A Malware Detection Method Based on Multi-Feature Ensemble Learning
TL;DR: The results show that the proposed malware dynamic detection method based on multi-feature ensemble learning can obtain a good detection precision rate, and is better than other recently proposed dynamic detection methods in anti-evasion performance.

Journal article: MALGRA: Machine Learning and N-Gram Malware Feature Extraction and Detection System
TL;DR: This paper uses a dynamic analysis technique to extract an Indicator of Compromise (IOC) for malicious files, which are represented using N-grams, and proposes TF-IDF as a novel alternative used to identify the most significant N-gram features for training a machine learning algorithm.

Journal article: A Survey on Malware Detection and Analysis Tools
TL;DR: This survey paper gives an overview of the malware detection and analysis techniques and tools and how they can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families.

Journal article: Metamorphic malware identification using engine-specific patterns based on co-opcode graphs
TL;DR: This work proposes a novel metamorphic malware identification method, named HLES-MMI (Higher-level Engine Signature based Metamorphic Malware Identification), which first constructs a unique graph structure, called a co-opcode graph, for each metamorphic family, then extracts engine-specific opcode patterns from the graphs.
References

N-gram-based text categorization
W.B. Cavnar, John M. Trenkle, and 1 more author
TL;DR: An N-gram-based approach to text categorization that is tolerant of textual errors is described, which worked very well for language classification and worked reasonably well for classifying articles from a number of different computer-oriented newsgroups according to subject.

Journal article: Certification of programs for secure information flow
TL;DR: This paper presents a mechanism for verifying the secure flow of information through a program that exploits the properties of a lattice structure among security classes and proves that a program cannot cause supposedly nonconfidential results to depend on confidential input data.

Journal article: An information-theoretic perspective of tf–idf measures
TL;DR: The proposed PWI is expressed as a product of the occurrence probabilities of terms and their amounts of information, and corresponds well with the conventional term frequency-inverse document frequency measures that are commonly used in today's information retrieval systems.

Journal article: A survey on automated dynamic malware-analysis techniques and tools
TL;DR: An overview is provided of techniques based on dynamic analysis that are used to analyze potentially malicious samples, and of analysis programs that employ these techniques to assist human analysts in assessing whether a given sample deserves closer manual inspection due to its unknown malicious behavior.

Journal article: Toward Automated Dynamic Malware Analysis Using CWSandbox
TL;DR: The design and implementation of CWSandbox is described, a malware analysis tool that fulfills the three design criteria of automation, effectiveness, and correctness for the Win32 family of operating systems.