The advanced malware continue to be a challenge in digital world that signature-based detection techniques fail to conquer. The malware use many anti-detection techniques to mutate. Thus no virus scanner can claim complete malware detection even for known malware. Static and dynamic analysis techniques focus upon different kinds of malware such as Evasive or Metamorphic malware. This paper proposes a comprehensive approach that combines static checking and dynamic analysis for malware detection. Static analysis is used to check the specific code characteristics. Dynamic analysis is used to analyze the runtime behavior of malware. The authors propose a framework for the automated analysis of an executable's behavior using text mining. Text mining of dynamic attributes identifies the important features for classifying the executable as benign and malware. The synergistic combination proposed in this paper allows detection of not only known variants of malware but even the obfuscated, packed and unknown malware variants and malware evasive to dynamic analysis.
Metamorphic malware are the most challenging threat in digital world, which are quite advanced and have actually reduced the significance of signature based detection. These malware use code obfuscation to mutate and have numerous forms thus increasing the size of signature database; make it unmanageable and incomplete to cover all variants. This is the major reason why no anti-virus company can claim 100% detection even for non zero day malware.When a malware is encrypted or packed, Static analysis is not possible. In such cases, Dynamic analysis appears to be most obvious solution. But the challenge lies in finding out how to analyze behavior to detect malware in automated manner and how to quantize behavior. An approach is required here that specifies how to analyze dynamic report and how can we prepare a model which can help make detection decision. This is what we will be looking for in this paper.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.