All content following this page was uploaded by Reeja S R on 21 September 2020.
1 Introduction
Data breaches, ransomware attacks, targeted botnet and malware attacks are in the
daily news these days. From Brain, the first PC virus, in 1986 to the highly obfuscated
WannaCry in 2017, the malware epidemic continues its alarming expedition. Due to
advancements in and increased use of technology, we can observe a continuous
evolution of malware in volume, variety and velocity. Malicious software, or malware
for short, can be code, scripts or any other content designed to interrupt the normal
operation of a system, gather information illegally in a way that leads to loss of privacy,
gain unauthorized access to system resources, or engage in other abusive behaviour.
Computer viruses, spyware, Trojan horses, worms, adware, botnets, rootkits etc. come
under the huge umbrella of malware, which forms an integral component of almost all
data breaches. Attackers also use more tools, such as polymorphic and zero-day
malware, to evade the current malware detection tools. The widespread use of the World
Wide Web is another inevitable reason behind the increase in threat from malware.
There are multiple doors through which an adversary can enter the enterprise network.
They are guarded by perimeter security tools such as firewalls, antivirus, and network-based
and host-based intrusion detection/prevention tools, which at times may not be able to
distinguish between a genuine user and an adversary. Once the adversary enters the
enterprise network and gains knowledge about it, they unwind their plan of action and
attack the target. During their course of action in the network, they leave behind changes
in the data or signals which can be detected using data-science-based tools that raise
alerts.
Advances in malware code that conceal its appearance have become a serious
challenge for antivirus companies. On the basis of the concealment technology used,
malware can be classified as encrypted, oligomorphic, polymorphic and metamorphic
malware.
A Survey on Different Approaches for Malware Detection 391
technique where the malware is executed in an emulator and signatures can be
constructed efficiently and detected using the conventional detection mechanisms.
Malware can be analyzed through various methods, which can be broadly categorized
into two: static and dynamic analysis. Malware analysis gives a detailed and thorough
understanding of how the malware functions as well as of what can be done in
order to eliminate the threats it poses.
392 S. Soja Rani and S. R. Reeja
The available collection of techniques for malware analysis and detection, including
those adopted by industry and those that are not, can be categorized into four
approaches: the static signature-based approach, the static behaviour-based approach,
the dynamic signature-based approach and the dynamic behaviour-based approach.
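Two corners of this four-way split, shown side by side as an added example that is not part of the survey: a hash and byte-pattern matcher standing in for static signature-based detection, and a weighted scoring of a sandbox-style API-call trace standing in for dynamic behaviour-based detection. The sample bytes, the traces, the signature set and the heuristic weights are all constructed for illustration and are not real signatures or real malware. The second sample is a constructed variant whose bytes differ from the first but whose recorded behaviour is the same, which is exactly the case where a signature misses and a behaviour rule still fires.

```python
import hashlib
import re

# --- Constructed sample "executables" (plain byte strings, not real binaries) ---
SAMPLE_ORIGINAL = b"\x4d\x5a" + b"\x90" * 8 + b"CONSTRUCTED_PAYLOAD_A" + b"\x00" * 4
SAMPLE_VARIANT = b"\x4d\x5a" + b"\x90" * 8 + b"CONSTRUCTED_PAYLOAD_B" + b"\x00" * 4
SAMPLE_BENIGN = b"\x4d\x5a" + b"\x90" * 8 + b"CONSTRUCTED_HELLO_WORLD" + b"\x00" * 4

# --- Static, signature-based detection: known-bad hashes and byte patterns ---
# The signature set is derived from the first sample only, as a vendor would
# build it after seeing one specimen.
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_ORIGINAL).hexdigest()}
KNOWN_BAD_PATTERNS = [re.compile(rb"CONSTRUCTED_PAYLOAD_A")]


def static_signature_match(blob: bytes) -> bool:
    """True if the file hash or any byte pattern is in the signature set."""
    if hashlib.sha256(blob).hexdigest() in KNOWN_BAD_SHA256:
        return True
    return any(pattern.search(blob) is not None for pattern in KNOWN_BAD_PATTERNS)


# --- Dynamic, behaviour-based detection: score an observed API-call trace ---
# Constructed traces standing in for what a sandbox run would record.
TRACE_ORIGINAL = ["CreateFileW", "WriteFile", "RegSetValueExW:Run",
                  "CreateRemoteThread", "InternetOpenW"]
TRACE_VARIANT = ["CreateFileW", "RegSetValueExW:Run", "CreateRemoteThread",
                 "InternetOpenW", "WriteFile"]
TRACE_BENIGN = ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"]

# Heuristic weights (constructed for the example): persistence, injection, network.
BEHAVIOUR_WEIGHTS = {
    "RegSetValueExW:Run": 3,   # autorun persistence
    "CreateRemoteThread": 4,   # code injection into another process
    "InternetOpenW": 1,        # outbound network capability
}
ALERT_THRESHOLD = 5


def behaviour_score(trace) -> int:
    """Sum the weights of every suspicious call seen in the trace."""
    return sum(BEHAVIOUR_WEIGHTS.get(call, 0) for call in trace)


def dynamic_behaviour_match(trace) -> bool:
    """True if the accumulated behaviour score reaches the alert threshold."""
    return behaviour_score(trace) >= ALERT_THRESHOLD


def classify(blob: bytes, trace) -> dict:
    """Run both detectors on one sample and report each verdict separately."""
    return {
        "static_signature": static_signature_match(blob),
        "dynamic_behaviour": dynamic_behaviour_match(trace),
    }


if __name__ == "__main__":
    samples = [("original", SAMPLE_ORIGINAL, TRACE_ORIGINAL),
               ("variant", SAMPLE_VARIANT, TRACE_VARIANT),
               ("benign", SAMPLE_BENIGN, TRACE_BENIGN)]
    for name, blob, trace in samples:
        print(f"{name:9s} score={behaviour_score(trace):2d} {classify(blob, trace)}")
```

The remaining two corners of the split are obtained by swapping what each detector consumes: a static behaviour-based approach would score features read from the file without running it (imports, strings, opcode statistics), and a dynamic signature-based approach would match patterns against the trace instead of the bytes.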
Here a few current research works in malware detection are analyzed together with the
machine learning algorithms they use. Automating the cybersecurity industry by leveraging
data science and machine learning algorithms has gained popularity in recent years. By
making use of learning algorithms in the anti-malware industry we can not only detect
known malware but also build knowledge for the detection of new variants of malware,
including polymorphic and zero-day malware. This technique does not have
to replace the existing standard detection methods, but can surely act as an add-on that
improves the detection probability. Since machine learning techniques are more
computationally demanding when compared with the standard existing systems, they may
not be suitable for end users but can be promisingly implemented at the enterprise
gateway level to act as a central anti-malware engine. Even though the infrastructure
can turn out to be costly, it can help in an efficient and promising way by protecting
valuable enterprise data from security threats and can prevent immense financial
damage.
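A minimal version of the learning-based pipeline this passage describes, added here as an illustration that is not code from the survey or from any of the reviewed papers: opcode sequences are turned into n-gram count features and a multinomial naive Bayes classifier is trained from scratch in plain Python, which stands in for the WEKA tool the reviewed works use. The opcode sequences, their labels, the bigram choice and the Laplace smoothing constant are constructed for the example. The point it shows is the one the passage makes: the classifier flags an opcode sequence it has never seen, because it shares n-grams with the training set rather than a byte-exact signature.

```python
import math
from collections import Counter, defaultdict

# Constructed training corpus: short opcode sequences as a disassembler might emit
# them. Labels and sequences are made up for the example, not taken from real samples.
TRAIN = [
    (["push", "mov", "call", "add", "pop", "ret"], "benign"),
    (["mov", "mov", "call", "test", "jz", "ret"], "benign"),
    (["push", "mov", "lea", "call", "leave", "ret"], "benign"),
    (["xor", "xor", "xor", "loop", "jmp", "xor"], "malicious"),   # decode-loop-like
    (["xor", "inc", "loop", "jmp", "xor", "inc"], "malicious"),
    (["xor", "loop", "xor", "loop", "jmp", "call"], "malicious"),
]


def ngrams(seq, n=2):
    """Sliding-window n-grams of an opcode sequence, joined into string features."""
    return [" ".join(seq[i:i + n]) for i in range(len(seq) - n + 1)]


class NaiveBayesNgram:
    """Multinomial naive Bayes over opcode n-gram counts with Laplace smoothing."""

    def __init__(self, n=2, alpha=1.0):
        self.n = n
        self.alpha = alpha                      # smoothing so unseen n-grams never zero out a class
        self.class_counts = Counter()           # number of training sequences per label
        self.feature_counts = defaultdict(Counter)  # label -> Counter of n-grams
        self.vocab = set()                      # every n-gram seen in training

    def fit(self, data):
        for seq, label in data:
            grams = ngrams(seq, self.n)
            self.class_counts[label] += 1
            self.feature_counts[label].update(grams)
            self.vocab.update(grams)
        return self

    def log_probs(self, seq):
        """Unnormalised log posterior of each label for one sequence."""
        grams = ngrams(seq, self.n)
        total = sum(self.class_counts.values())
        out = {}
        for label, count in self.class_counts.items():
            log_p = math.log(count / total)    # class prior
            denom = sum(self.feature_counts[label].values()) + self.alpha * len(self.vocab)
            for g in grams:
                log_p += math.log((self.feature_counts[label][g] + self.alpha) / denom)
            out[label] = log_p
        return out

    def predict(self, seq):
        log_p = self.log_probs(seq)
        return max(log_p, key=log_p.get)


def train_and_predict(unseen):
    """Fit on the constructed corpus and label one unseen opcode sequence."""
    return NaiveBayesNgram(n=2, alpha=1.0).fit(TRAIN).predict(unseen)


if __name__ == "__main__":
    # Neither sequence occurs in TRAIN; the verdict comes from shared bigrams alone.
    for seq in (["xor", "dec", "loop", "jmp", "xor", "dec"],
                ["push", "mov", "call", "pop", "ret"]):
        print(" ".join(seq), "->", train_and_predict(seq))
```

In a production pipeline the opcode sequences would come from disassembling real files, the corpus would hold thousands of labelled samples, and the training would run on the gateway-level infrastructure the passage refers to; the feature extraction and the classification step are the same as here.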
provides input to the WEKA tool. The performance is evaluated on a real case-study
data set using the WEKA tool to illustrate the performance efficiency as well as the
training and test data.
6 Conclusion
This paper presents a thorough study of the evolution of the concealment techniques as
well as the obfuscation methods employed across the generations of malware. The paper
also focuses on the two analysis methods for malware: static analysis and dynamic analysis.
The paper also concentrates on signature-based malware detection and heuristic or
behaviour-based malware detection, the two detection strategies prevailing in the
industry. Owing to the advantages and disadvantages of both detection strategies, a
combined approach, the hybrid detection strategy, has also evolved. The paper
also reviews a selection of the literature on malware detection approaches using machine
learning. The reviewed papers are classified into the above mentioned 3 categories:
(1) signature-based, (2) behaviour-based approaches and (3) hybrid approaches.