MMALE—A Methodology for Malware Analysis in Linux Environments

Mohino, José Javier de Vicente; Higuera, Javier Bermejo; Higuera, Juan Ramón Bermejo; Sicilia, Juan Antonio; Rubio, Manuel Sánchez; Herraiz, José-Javier Martínez

doi:10.32604/cmc.2021.014596

Cited by 4 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The other significant file is AndroidManifest.xml, which states the list of permissions, package names, or intent-filter relationships [17]. Dynamic analysis involves a method in which the specimen is run in a monitored environment, where the supervising service takes any events or actions that occur during execution [8]. This kind of investigation can provide insights not previously discovered by the static analysis workflow (mostly because of the utilization of dynamic code methods).…”

Section: Xxxxmentioning

confidence: 99%

“…It is an online malware-scanning utility 8 that allows you to upload and scan files up to 140 MB in size. It performs two types of analysis: static in which a multiscan analysis is performed with up to 35 different antivirus engines including McAfee, Kaspersky, AVG, etc., and an analysis of the metadata of the APK mainly of the dangerousness of the permissions it requires running and dynamic analysis with a sandbox that does not work for the case of APKs.…”

Section: Xxxxmentioning

confidence: 99%

“…Detecting malware is a difficult task, due not only to the numbers but also to the variety of families available to attackers. In addition, cybercriminals have a variety of techniques at their disposal to bypass the controls of malicious applications, such as hiding malware in code (obfuscation), targeted permission elevation attacks, or API calls [8].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Benchmarking Android malware analysis tools

Higuera,

Moreno,

Higuera

et al. 2023

Preprint

View full text Add to dashboard Cite

Today, malware is arguably one of the biggest challenges organizations face from a cybersecurity standpoint, regardless of the types of devices used in the organization. One of the most malware-attacked mobile operating systems today is Android. In response to this threat, this paper presents research on the functionalities and performance of different malicious Android application package analysis tools including one that uses machine learning techniques. In addition, it investigates how the use of these tools streamlines the process of detection, classification, and analysis of malicious APKs for Android operating system devices. The tools, that use Artificial Intelligence techniques, are more efficient than other current tools that do not use them. In this way, new approaches can be suggested in the specification, design, and development of new tools that help to analyze, from a cybersecurity point of view, the code of applications developed for this environment.

show abstract

Section: Xxxxmentioning

confidence: 99%

Section: Xxxxmentioning

confidence: 99%

See 1 more Smart Citation

Benchmarking Android malware analysis tools

Higuera,

Moreno,

Higuera

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…In addition to the above, the paper MMALE -A Methodology for Malware Analysis in Linux Environments by José Javier de Vicente Mohino et al [33] presents a novel methodology of MA for Linux environments under the prism of IoT. MMALE methodology is an amalgamation of existing MA methodologies and it utilizes, mainly, parts of SAMA methodology.…”

Section: Background Workmentioning

confidence: 99%

Comparative Review of Malware Analysis Methodologies

Kiachidis¹,

Baltatzis²

2021

IJNSA

View full text Add to dashboard Cite

To fight against the evolution of malware and its development, the specific methodologies that are applied by the malware analysts are crucial. Yet, this is something often overlooked in the relevant bibliography or in the formal and informal training of the relevant professionals. There are only two generic and allencompassing structured methodologies for Malware Analysis (MA) – SAMA and MARE. The question is whether they are adequate and there is no need for another one or whether there is no such need at all. This paper will try to answer the above and it will contribute in the following ways: it will present, compare and dissect those two malware analysis methodologies, it will present their capacity for analysing modern malware by applying them on a random modern specimen and finally, it will conclude on whether there is a procedural optimization for malware analysis over the evolution of these two methodologies.

show abstract