MALDC: a depth detection method for malware based on behavior chains

Zhang, Hao; Zhang, Wenjun; Lv, Zhihan; Sangaiah, Arun Kumar; Huang, Tao; Chilamkurti, Naveen

doi:10.1007/s11280-019-00675-z

Cited by 14 publications

(21 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently; deep learning-, cloud-, mobile devices-, and IoT-based approaches have started to be used in malware detection (VI). Deep learning-based detection approaches are effective to detect new malware and reduce features space sharply [108], [109], but it is not resistant to some evasion attacks. On the other hand, cloud-based detection approaches increase DR, decrease FPs, and provide bigger malware databases and powerful computational resources [110].…”

Section: Evaluation On Malware Detection Approachesmentioning

confidence: 99%

A Comprehensive Review on Malware Detection Approaches

2020

View full text Add to dashboard Cite

According to the recent studies, malicious software (malware) is increasing at an alarming rate, and some malware can hide in the system by using different obfuscation techniques. In order to protect computer systems and the Internet from the malware, the malware needs to be detected before it affects a large number of systems. Recently, there have been made several studies on malware detection approaches. However, the detection of malware still remains problematic. Signature-based and heuristic-based detection approaches are fast and efficient to detect known malware, but especially signature-based detection approach has failed to detect unknown malware. On the other hand, behavior-based, model checking-based, and cloud-based approaches perform well for unknown and complicated malware; and deep learning-based, mobile devices-based, and IoT-based approaches also emerge to detect some portion of known and unknown malware. However, no approach can detect all malware in the wild. This shows that to build an effective method to detect malware is a very challenging task, and there is a huge gap for new studies and methods. This paper presents a detailed review on malware detection approaches and recent detection methods which use these approaches. Paper goal is to help researchers to have a general idea of the malware detection approaches, pros and cons of each detection approach, and methods that are used in these approaches.

show abstract

Section: Evaluation On Malware Detection Approachesmentioning

confidence: 99%

A Comprehensive Review on Malware Detection Approaches

2020

View full text Add to dashboard Cite

show abstract

“…Recent works on malware behaviors are represented in [19,[29][30][31]. Lightweight behavioral malware detection for windows platforms is explained in [29].…”

Section: Related Workmentioning

confidence: 99%

“…Feature representation Goal/success Year Wagener et al [14] System calls, Hellinger distance, phylogenetic tree Identify new and different forms of malware 2008 Park et al [15] Creating system call diagrams Identify different forms of malware 2013 Islam et al [16] Printable strings, API method frequencies Identify malware with 97% accuracy 2013 Naval et al [17] Diagram of system calls and relations Detect code insertion attacks 2015 Das et al [18] System call frequencies, n-gram Identify new and different forms of malware 2016 Zhang et al [19] API calls sequence to construct a behavior chain It achieved 98.64% accuracy with 2% FPR 2019…”

Section: Papermentioning

confidence: 99%

See 1 more Smart Citation

Using a Subtractive Center Behavioral Model to Detect Malware

Aslan

Samet

Tanrıöver

2020

Security and Communication Networks

View full text Add to dashboard Cite

In recent years, malware has evolved by using different obfuscation techniques; due to this evolution, the detection of malware has become problematic. Signature-based and traditional behavior-based malware detectors cannot effectively detect this new generation of malware. This paper proposes a subtractive center behavior model (SCBM) to create a malware dataset that captures semantically related behaviors from sample programs. In the proposed model, system paths, where malware behaviors are performed, and malware behaviors themselves are taken into consideration. This way malicious behavior patterns are differentiated from benign behavior patterns. Features that could not exceed the specified score are removed from the dataset. The datasets created using the proposed model contain far fewer features than the datasets created by n-gram and other models that have been used in other studies. The proposed model can handle both known and unknown malware, and the obtained detection rate and accuracy of the proposed model are higher than those of the known models. To show the effectiveness of the proposed model, 2 datasets with score and without score are created by using SCBM. In total, 6700 malware samples and 3000 benign samples are tested. The results are compared with those derived from n-gram and models from other studies in the literature. The test results show that, by combining the proposed model with an appropriate machine learning algorithm, the detection rate, false positive rate, and accuracy are measured as 99.9%, 0.2%, and 99.8%, respectively.

show abstract

“…Zheng et al [43] creates a behavior chain that aids in its detection method. The method monitors behavior points based on API calls and then uses the respective calling sequence at runtime to construct a behavior chain.…”

Section: Related Workmentioning

confidence: 99%

Neurlux

Jindal

Salls

Aghakhani

et al. 2019

Proceedings of the 35th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Malware detection plays a vital role in computer security. Modern machine learning approaches have been centered around domain knowledge for extracting malicious features. However, many potential features can be used, and it is time consuming and difficult to manually identify the best features, especially given the diverse nature of malware.In this paper, we propose Neurlux, a neural network for malware detection. Neurlux does not rely on any feature engineering, rather it learns automatically from dynamic analysis reports that detail behavioral information. Our model borrows ideas from the field of document classification, using word sequences present in the reports to predict if a report is from a malicious binary or not. We investigate the learned features of our model and show which components of the reports it tends to give the highest importance. Then, we evaluate our approach on two different datasets and report formats, showing that Neurlux improves on the state of the art and can effectively learn from the dynamic analysis reports. Furthermore, we show that our approach is portable to other malware analysis environments and generalizes to different datasets. CCS CONCEPTS• Security and privacy → Software and application security; • Computing methodologies → Neural networks.

show abstract

MALDC: a depth detection method for malware based on behavior chains

Cited by 14 publications

References 27 publications

A Comprehensive Review on Malware Detection Approaches

A Comprehensive Review on Malware Detection Approaches

Using a Subtractive Center Behavioral Model to Detect Malware

Neurlux

Contact Info

Product

Resources

About