Heuristic metamorphic malware detection based on statistics of assembly instructions using classification algorithms

Khodamoradi, Peyman; Fazlali, Mahmood; Mardukhi, Farhad; Nosrati, Masoud

doi:10.1109/cads.2015.7377792

Cited by 33 publications

(28 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Among reviewed works, the majority relies on dynamic analyses [42,55,56,15,44,16,60,57,66,46,50,58,24,26,28,30,51,52,53,35,40], while the others use, in equal proportions, either static analyses alone [11,12,63,64,72,17,65,19,47,49,61,22,23,25,31,73,27,29,37,38,54,67,74,39] or a combination of static and dynamic techniques [75,18,21,48,20,…”

Section: Feature Extractionmentioning

confidence: 99%

Survey of machine learning techniques for malware analysis

Ucci

Aniello

Baldoni

2019

Computers & Security

394

189

View full text Add to dashboard Cite

Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the most common approaches in literature is using machine learning techniques, to automatically learn models and patterns behind such complexity, and to develop technologies to keep pace with malware evolution. This survey aims at providing an overview on the way machine learning has been used so far in the context of malware analysis in Windows environments, i.e. for the analysis of Portable Executables. We systematize surveyed papers according to their objectives (i.e., the expected output), what information about malware they specifically use (i.e., the features), and what machine learning techniques they employ (i.e., what algorithm is used to process the input and produce the output). We also outline a number of issues and challenges, including those concerning the used datasets, and identify the main current topical trends and how to possibly advance them. In particular, we introduce the novel concept of malware analysis economics, regarding the study of existing trade-offs among key metrics, such as analysis accuracy and economical costs.

show abstract

Section: Feature Extractionmentioning

confidence: 99%

Survey of machine learning techniques for malware analysis

Ucci

Aniello

Baldoni

2019

Computers & Security

394

189

View full text Add to dashboard Cite

show abstract

“…Histograms are created using features same as that of API Call and then used to classify files as either malicious or benign. Khodamoradi et al (2015) used a decision tree to compute statistics about Opcode and build thresholds. They used a tool called Opcode Statistic Extractor (OSE) to analyse disassembled code and calculate Opcode frequency.…”

Section: Conclusion and Further Discussionmentioning

confidence: 99%

Effective methods to detect metamorphic malware: a systematic review

Irshad¹,

Al-Khateeb²,

Mansour³

et al. 2018

IJESDF

View full text Add to dashboard Cite

The succeeding code for metamorphic Malware is routinely rewritten to remain stealthy and undetected within infected environments. This characteristic is maintained by means of encryption and decryption methods, obfuscation through garbage code insertion, code transformation and registry modification which makes detection very challenging. The main objective of this study is to contribute an evidence-based narrative demonstrating the effectiveness of recent proposals. Sixteen primary studies were included in this analysis based on a pre-defined protocol. The majority of the reviewed detection methods used Opcode, Control Flow Graph (CFG) and API Call Graph. Key challenges facing the detection of metamorphic malware include code obfuscation, lack of dynamic capabilities to analyse code and application difficulty. Methods were further analysed on the basis of their approach, limitation, empirical evidence and key parameters such as dataset, Detection Rate (DR) and False Positive Rate (FPR).

show abstract

“…Several online automated tools exist for dynamic analysis of malware, e.g. Norman Sandbox [19], CWSandbox [20], Anubis [21] and TTAnalyzer [22], Ether [23] and ThreatExpert [24]. The analysis reports generated by these tools give in-depth understanding of the malware behavior and valuable insight into the actions performed by them.…”

Section: Dynamic Analysismentioning

confidence: 99%

“…Many studies use static analysis for malware detection using exact decompilation [16], similarity testing framework [17], based on register contents [18], using two-dimensional binary program features [19], subroutine based detection [20], statistics of assembly instructions [21], file relation graphs [22], de-anonymizing programmers via code stylometry [23], based upon a wavelet package technique [24], analysis and comparison of disassemblers for opcode [25].…”

mentioning

confidence: 99%

A Survey on Malware Detection and Analysis Tools

Talukder¹,

Talukder²

2020

IJNSA

View full text Add to dashboard Cite

The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools.

show abstract

Heuristic metamorphic malware detection based on statistics of assembly instructions using classification algorithms

Cited by 33 publications

References 10 publications

Survey of machine learning techniques for malware analysis

Survey of machine learning techniques for malware analysis

Effective methods to detect metamorphic malware: a systematic review

A Survey on Malware Detection and Analysis Tools

Contact Info

Product

Resources

About