A survey on heuristic malware detection techniques

Bazrafshan, Zahra; Hashemi, Hashem; Fard, Seyed Mehdi Hazrati; Hamzeh, Ali

doi:10.1109/ikt.2013.6620049

Cited by 213 publications

(129 citation statements)

References 24 publications

Supporting

Mentioning

129

Contrasting

Order By: Relevance

“…For instance, "obfuscation" allows to hide harmful goal of the malware [22]. Another technique, "polymorphism" enables a malware look different each time it replicates itself [23]. Recently developed, "metamorphism" allows malicious code to change itself, so that the new one has no resemblance with the others but same "goal" malwares [23].…”

Section: Rootkitsmentioning

confidence: 99%

An Open Source, Extensible Malware Analysis Platform

Michalopoulos¹,

Ieronymakis²,

Khan³

et al. 2018

MATEC Web Conf.

View full text Add to dashboard Cite

Abstract.A malware (such as viruses, ransomware) is the main source of bringing serious security threats to the IT systems and their users now-adays. In order to protect the systems and their legitimate users from these threats, anti-malware applications are developed as a defense against malware. However, most of these applications detect malware based on signatures or heuristics that are still created manually and are error prune. Some recent applications employ data mining and machine learning techniques to detect malware automatically. However, such applications fail to classify them appropriately mainly because they suffer from high rate of false alarms on the one hand and being retrospective, fail to detect new unknown threats and variants of known malware on the other hand. Since anti-malware vendors receive a huge number of malware samples every day, there is an urgent need for malware analysis tools that can automatically detect malware rigorously, i.e. eliminating false alarms. To address these issues and challenges of current malware detection and analysis approaches, we propose a novel, open source and extensible platform (based on set of tools) that allows to combine various malware detection techniques to automatically detect/classify a malware more rigorously. The developed platform can be fed with malware samples from different providers and will enable the development of effective classification schemes and methods, which are not sufficiently effective without collaboration and the related sample aggregation. Furthermore, such collaborative platforms in cybersecurity enable efficient sharing of information (e.g., about new identified threats) to all collaborators and sharing of appropriate defences against them, if such defences exist.

show abstract

Section: Rootkitsmentioning

confidence: 99%

An Open Source, Extensible Malware Analysis Platform

Michalopoulos¹,

Ieronymakis²,

Khan³

et al. 2018

MATEC Web Conf.

View full text Add to dashboard Cite

show abstract

“…Therefore, it is crucial to have an efficient protection against this kind of malicious programs. The existing anti-malware techniques can be broadly classified in three classes, which are signature-based, behavioral-based and heuristic-based techniques [1]. Signature-based techniques are widely used by most of commercial antivirus software (AV).…”

Section: Introductionmentioning

confidence: 99%

“…Signature-based techniques are widely used by most of commercial antivirus software (AV). These techniques are very accurate for detecting known malware that exist in the signatures" database [1]. However, they are not able to deal with unknown malware or newly launched ones, often developed after discovering a zero-day exploit [2].…”

Section: Introductionmentioning

confidence: 99%

“…The heuristic-based analyses investigate different file features such as Opcode instructions, structural information (Such as header information), and API (Application Programming interface) calls [1], [5]. These sets of information are used as features for the classification process, which is generally done using machine learning-based classifiers such as decision trees and Bayes Algorithm [1], [6].…”

Section: Introductionmentioning

confidence: 99%

“…These sets of information are used as features for the classification process, which is generally done using machine learning-based classifiers such as decision trees and Bayes Algorithm [1], [6]. The Heuristic based Anti-malware systems are very accurate and are able to deal with unknown malware [1], [5,6].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features

Belaoued

Mazouzi

2015

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Toward accurate and intelligent detection of malware

Arfeen

Khan

Uddin

et al. 2021

Concurrency and Computation

View full text Add to dashboard Cite

Summary Malware is a constant threat to the safety of the public Internet and private networks. It also affects the security of endpoint devices. An infected endpoint device can take part in aggressive or slow distributed denial of service attacks globally. Polymorphic malware has rendered traditional signature‐based detection ineffective. Hence the efforts to identify malware have been focused on behavioral modeling to identify and classify malware. This behavioral identification paved the way for artificial intelligence (AI) in cybersecurity. AI can detect a zero‐day attack and malware, but it suffers from several false positives. This article presents an extensive analysis of traditional and AI‐based methods for malware detection and related challenges. AI is vulnerable to attacks, such as dataset poisoning and adversarial data input, which can reduce model accuracy and increase false negatives. AI has helped to improve malware detection and reduce manual work through automation of feature extraction and feature selection. It is also beneficial to create models that are less prone to malware variations and capture the malicious behavior holistically. This article explores the transition of malware detection from traditional to AI‐based techniques. Furthermore, it also explains how some conventional approaches are still relevant today in terms of detection speed.

show abstract

A survey on heuristic malware detection techniques

Cited by 213 publications

References 24 publications

An Open Source, Extensible Malware Analysis Platform

An Open Source, Extensible Malware Analysis Platform

A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features

Toward accurate and intelligent detection of malware

Contact Info

Product

Resources

About