A Survey on Malware Analysis Techniques: Static, Dynamic, Hybrid and Memory Analysis

Sihwail, Rami; Omar, Khairuddin; Ariffin, Khairul Akram Zainol

doi:10.18517/ijaseit.8.4-2.6827

Cited by 137 publications

(83 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Heuristic Detection is a malware analysis technique that works by searching for commands or instructions that can enable the discovery of new types of malware [10]. Here are the advantages and disadvantages of heuristic detection [11]: a. The advantages of heuristic detection are:…”

Section: Malware Analysismentioning

confidence: 99%

Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method

Suryati

Budiono

2020

Int. J. Adv. Data Inf. Syst.

View full text Add to dashboard Cite

Malware is a program that has a negative influence on computer systems that don't have user permissions. The purpose of making malware by hackers is to get profits in an illegal way. Therefore, we need a malware analysis. Malware analysis aims to determine the specifics of malware so that security can be built to protect computer devices. One method for analyzing malware is heuristic detection. Heuristic detection is an analytical method that allows finding new types of malware in a file or application. Many malwares are made to attack through the internet because of technological advancements. Based on these conditions, the malware analysis is carried out using the API call network with the heuristic detection method. This aims to identify the behavior of malware that attacks the network. The results of the analysis carried out are that most malware is spyware, which is lurking user activity and retrieving user data without the user's knowledge. In addition, there is also malware that is adware, which displays advertisements through pop-up windows on computer devices that interfaces with user activity. So that with these results, it can also be identified actions that can be taken by the user to protect his computer device, such as by installing antivirus or antimalware, not downloading unauthorized applications and not accessing unsafe websites.

show abstract

Section: Malware Analysismentioning

confidence: 99%

Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method

Suryati

Budiono

2020

Int. J. Adv. Data Inf. Syst.

View full text Add to dashboard Cite

show abstract

“…Furthermore, it is preliminary for a malware file to be unpacked and decrypted to be executed. Moreover, malware artifacts remain in the memory for a while, even after the process is terminated [3]. Therefore, the proposed approach, which combines features from both the dynamic and memory analyses better, presents malware behaviors and intentions that are reflected in higher accuracy detection and lower false positive rates.…”

Section: Machine Learning Modelingmentioning

confidence: 99%

“…It is known that dynamic analysis is limited to a single view of path execution and, therefore, unexecuted API calls do not appear in the behavior report. However, unexecuted APIs could reveal another side of malware behavior [3]. Table 5 shows the 20 most prominent features that appear in the memory analysis but not in the dynamic analysis with their frequencies and percentages.…”

Section: Features In Memory and Dynamic Analysismentioning

confidence: 99%

“…In addition, the common malware use obfuscation techniques such as code manipulation, instruction substitution, register reassignment, and the dead code insertion to escape the detection process. Therefore, this approach is incapable of detecting unknown and new malware that have not been seen before, and it is easily deceived by malware that uses obfuscation, packing or encryption techniques [3].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Malware Detection Approach Based on Artifacts in Memory Image and Dynamic Analysis

et al. 2019

Self Cite

View full text Add to dashboard Cite

The need to detect malware before it harms computers, mobile phones and other electronic devices has caught the attention of researchers and the anti-malware industry for many years. To protect users from malware attacks, anti-virus software products are downloaded on the computer. The anti-virus mainly uses signature-based techniques to detect malware. However, this technique fails to detect malware that uses packing, encryption or obfuscation techniques. It also fails to detect unseen (new) ones. This paper proposes an integrated malware detection approach that applies memory forensics to extract malicious artifacts from memory and combines them to features extracted during the execution of malware in a dynamic analysis. Pre-modeling techniques were also applied for feature engineering before training and testing the data set on the machine learning models. The experimental results show a significant improvement in both detection accuracy rate and false positive rate, 98.5% and 1.7% respectively, by applying the support vector machine. The results verify that our integrated analysis approach outperforms other analysis methods. In addition, the proposed approach overcomes the limitation of single path file execution in dynamic analysis by adding more relevant memory artifacts that can reveal the real intention of malicious files.

show abstract

“…There are several ways used in various cyber security researches [16] to detect malware either in anti-virus software or end point protection such as signature based and behavioral based. Unlike signature-based, behavioral based able to detect malware that uses obfuscation technique even though it is time consuming with considerable false positive.…”

Section: Related Workmentioning

confidence: 99%

Recommender System based on Empirical Study of Geolocated Clustering and Prediction Services for Botnets Cyber-Intelligence in Malaysia

Zamani

Ariffin

Abdullah

2018

ijacsa

View full text Add to dashboard Cite

A recommender system is becoming a popular platform that predicts the ratings or preferences in studying human behaviors and habits. The predictive system is widely used especially in marketing, retailing and product development. The system responds to users preferences in goods and services and gives recommendations via Machine Learning algorithms deployed catered specifically for such services. The same recommender system can be built for predicting botnets attack. Via our Integrated Cyber-Evidence (ICE) Big Data system, we build a recommender system based on collected data on telemetric Botnets networks traffics. The recommender system is trained periodically on cyber-threats enriched data from Coordinated Malware Eradication & Remedial Platform system (CMERP), specifically the geolocations and the timestamp of the attacks. The machine learning is based on K-Means and DBSCAN clustering. The result is a recommendation of top potential attacks based on ranks from a given geolocations coordinates. The recommendation also includes alerts on locations with high density of certain botnets types.

show abstract

A Survey on Malware Analysis Techniques: Static, Dynamic, Hybrid and Memory Analysis

Cited by 137 publications

References 54 publications

Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method

Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method

Malware Detection Approach Based on Artifacts in Memory Image and Dynamic Analysis

Recommender System based on Empirical Study of Geolocated Clustering and Prediction Services for Botnets Cyber-Intelligence in Malaysia

Contact Info

Product

Resources

About