Malware analysis
Abstract:
The purpose of this research is to provide a comprehensive understanding of malware analysis, including its key findings and conclusions. The study of malware analysis encompasses various techniques, such as static analysis, dynamic analysis, and hybrid analysis, which are used to dissect and analyze the code and behaviors of different types of malware. These techniques help in understanding the purpose and functionality of the malware, as well as identifying its potential impact on a system. Malware analysis is a critical area of research for cybersecurity professionals, as it provides valuable insights into the behavior and functionality of different types of malware. Through the use of specialized tools and techniques, researchers can analyze and dissect the code and behaviors of malware, leading to the development of effective defense mechanisms. As the threat of malware continues to evolve, ongoing research in malware analysis is essential to stay ahead of attackers and protect against potential cyber threats.

Introduction:
In the present digital era, the majority of our communications and private, sensitive data are sent via and stored on smart gadgets. As a result, protecting the device and the data from numerous security and privacy threats such as malware (malicious software) becomes crucial. Malware analysis is the study of the different characteristics, goals, origins, and possible outcomes of malicious software and code, including viruses, ransomware, spyware, and malvertising. Malware analysis is the process of using methods and tools to analyze a suspicious file's behavior and purpose (Intezer, 2021). It examines malware code to see what makes it unique from other types. Gaining a deeper understanding of malware is the aim of malware analysis, which will enable you to recognize and neutralize threats. Static malware analysis, dynamic malware analysis, and hybrid malware analysis can be used in combination depending on the situation an organization faces. Malware analysis can be helpful for both pre- and post-incident activities. During an incident, it helps you take appropriate action by locating and categorizing the threat (Intezer, 2021). Through malware analysis, an individual may document the malware and obtain information that can help prevent incidents in the future.
CHAPTER II

Literature Review:

There are three types of malware analysis: static, dynamic, and hybrid. Malware can be found using static methods before apps are launched or installed on mobile devices. These methods use a variety of techniques, such as resource-, permission-, signature-, and semantic-based methods, to extract features or attributes of malicious apps from Android Application Package (APK) files (Sabbah et al., 2023).

Dynamic malware analysis approaches view static methods as inefficient because malware can evade static detection at run time. These techniques, by contrast, retrieve features from applications while they are running. According to Suraneni (2022), the suspicious software can be run in a safe, virtual sandbox environment during dynamic analysis to prevent any effect on real systems. The analyst can then observe the suspected malware as it runs.

Hybrid strategies combine the two and take advantage of each one's benefits. However, more research is needed to simplify and increase the applicability of hybrid methods before they can be considered effective. Additionally, a number of studies have integrated image-based and natural language processing techniques with methods from all three categories of approaches (Sabbah et al., 2023).

Most antivirus engines detect and classify malware by continuously scanning files and comparing their signatures with known malware signatures. The malware signatures are typically created by human antivirus experts (known as malware defenders) who examine the collected malware samples (Abusitta, 2021). As stated by Johnson (2022), every firm faces the threat of hackers trying to use malware to get inside their systems. Security researchers fight this by looking for signs of compromise that enable them to stop malware before it does any real harm. Malware analysis is an essential procedure that enables enterprises to efficiently strengthen their cybersecurity defenses, improve their incident response capabilities, and keep one step ahead of cyber threats. Through the application of malware analysis findings, organizations may effectively manage risks, defend their resources, and prevent new and emerging cyber threats.


Brief Discussion:

Malware analysis comprises three main types: static, dynamic, and hybrid. Each method offers distinct advantages in understanding and combating malicious software.

Static analysis techniques involve examining the features and characteristics of Android applications (APKs) without executing them. These methods aim to extract relevant information from the app's code and metadata to identify potential security threats. By analyzing various aspects such as permissions, code structure, and resource usage, static analysis helps in detecting malicious behavior in apps before they are installed or executed.

One prominent technique in static analysis is signature-based analysis. This approach, proposed by Alzubaidi et al., creates unique signatures for known malware apps by analyzing features such as permissions, broadcast receivers, and content strings. These signatures are then compared to a library of known malware signatures to detect malicious apps.

Another static technique, permission-based analysis, as proposed by Ilham et al., focuses on analyzing the permissions requested by an app. Apps requesting unnecessary permissions may indicate malicious activity. This method involves extracting permissions from the manifest file and using algorithms to rank them. Critical permissions such as RESTART_PACKAGES or SEND_SMS are identified, and machine learning algorithms are then used to classify apps based on these permissions.

Next is resource-based analysis, another static technique, as cited by Zhang et al. Resource-based analysis involves extracting metadata describing app components from the manifest file using reverse engineering. Features such as API calls and intents are considered, and dangerous permissions and suspicious API calls are flagged. Machine learning is then used to classify apps based on these features.

As the last specific static technique, Bai et al. proposed a semantic-based analysis technique, which involves analyzing semantic information embedded in Dalvik bytecode or network traffic. For example, data flow graphs are generated from bytecode to detect privacy leaks, while NLP techniques are used to extract semantic features from APK components. Another approach, cited by Zhang et al., involves replacing method code with API calls to analyze behavior semantics.

These methods help identify potential threats in Android apps by extracting features and using them for statistical analysis or machine learning-based malware detection.
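
As an added illustration of the permission-based static technique described above (this is example code, not from the paper or from the cited studies): a minimal permission-ranking triage of a decoded AndroidManifest.xml. The manifest, the weight table and the threshold are constructed for the example; a real system would learn the weights with the machine-learning step the paper mentions.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed weight table (not from any of the cited papers): a higher value
# means the permission is more often associated with malicious apps.
PERMISSION_WEIGHTS: Dict[str, int] = {
    "android.permission.SEND_SMS": 5,
    "android.permission.RECEIVE_SMS": 4,
    "android.permission.READ_SMS": 4,
    "android.permission.RESTART_PACKAGES": 3,
    "android.permission.READ_CONTACTS": 3,
    "android.permission.RECEIVE_BOOT_COMPLETED": 2,
    "android.permission.INTERNET": 1,
}

# Constructed manifest standing in for the decoded AndroidManifest.xml of an APK.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""


def extract_permissions(manifest_xml: str) -> List[str]:
    """Return the names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return [el.get("{%s}name" % ANDROID_NS, "") for el in root.iter("uses-permission")]


def rank_permissions(perms: List[str]) -> List[Tuple[str, int]]:
    """Rank permissions by weight, highest first; unknown ones weigh 0."""
    scored = [(p, PERMISSION_WEIGHTS.get(p, 0)) for p in perms]
    return sorted(scored, key=lambda t: (-t[1], t[0]))


def classify(manifest_xml: str, threshold: int = 8) -> dict:
    """Flag the app when its summed permission weight reaches the threshold.
    The fixed threshold stands in for the ML classifier the paper mentions."""
    ranked = rank_permissions(extract_permissions(manifest_xml))
    score = sum(w for _, w in ranked)
    return {"ranked": ranked, "score": score, "suspicious": score >= threshold}


if __name__ == "__main__":
    print(classify(SAMPLE_MANIFEST))
```

The sample manifest scores 11 and is flagged; the ranked list shows which permissions drove the verdict, which is what an analyst reviews before trusting the classification.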
Proceeding to the second main type of malware analysis, dynamic analysis, according to Suraneni (2022), involves executing suspicious software within a secure, virtual sandbox environment to prevent any impact on real systems. This enables analysts to observe the malware's behavior and determine its nature. By monitoring execution flow and interactions with the system, such as attempts to establish persistence or access sensitive data, analysts gain deeper insights into the malware. Dynamic analysis typically outperforms static analysis by revealing runtime actions that are harder to conceal. This approach allows analysts to assess malware behavior without needing to delve into its internals.
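
An added example (not from the paper or from Suraneni's work) of the observation step this paragraph describes: turning a sandbox's event stream into behaviour tags for the two things the paragraph singles out, persistence and sensitive-data access. The log format, the events and the indicator lists are constructed for the example; real sandboxes produce their own report formats.

```python
import re
from typing import Dict, List, Tuple

# Constructed sandbox event stream: one event per line, space-separated
# key=value fields. Real sandboxes emit their own report formats.
SAMPLE_EVENTS = r"""
2024-05-01T10:00:01 process_create pid=1204 image=C:\lab\sample.exe
2024-05-01T10:00:02 registry_set pid=1204 key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd data=C:\lab\sample.exe
2024-05-01T10:00:03 file_read pid=1204 path=C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default\Login Data
2024-05-01T10:00:04 network_connect pid=1204 dst=203.0.113.5:443
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\S+) ?(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")  # values may contain spaces

# Constructed indicator substrings (lower-cased) for the two behaviours the
# paper singles out: establishing persistence and reading sensitive data.
PERSISTENCE_KEYS = (r"\currentversion\run", r"\currentversion\runonce")
SENSITIVE_PATHS = (r"\login data", r"\cookies", r"\wallet.dat")

def parse_events(text: str) -> List[Dict[str, str]]:
    """Parse each line into {'ts', 'event', field: value, ...}."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = {"ts": m["ts"], "event": m["event"]}
            ev.update(dict(FIELD_RE.findall(m["rest"])))
            events.append(ev)
    return events

def tag_behaviours(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Map raw events to the behaviour tags an analyst reports on."""
    tags = []
    for ev in events:
        key, path = ev.get("key", "").lower(), ev.get("path", "").lower()
        if ev["event"] == "registry_set" and any(k in key for k in PERSISTENCE_KEYS):
            tags.append(("persistence", ev["key"]))
        elif ev["event"] == "file_read" and any(p in path for p in SENSITIVE_PATHS):
            tags.append(("sensitive_data_access", ev["path"]))
        elif ev["event"] == "network_connect":
            tags.append(("network", ev["dst"]))
    return tags

def summarize(text: str) -> dict:
    tags = tag_behaviours(parse_events(text))
    kinds = {t for t, _ in tags}
    return {"tags": tags, "persistence": "persistence" in kinds,
            "sensitive_data_access": "sensitive_data_access" in kinds,
            "suspicious": bool(kinds & {"persistence", "sensitive_data_access"})}
```

Keeping the raw event alongside each tag matters in practice: the verdict is only as good as the indicator lists, so the analyst needs the evidence, not just the label.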

CHAPTER III

Results:

Discussion:

Conclusion:

References

Suraneni, N. (2022, December 15). Malware Detection and Analysis. Grand Valley State University. https://scholarworks.gvsu.edu/gradprojects/227/?utm_source=scholarworks.gvsu.edu%2Fgradprojects%2F227&utm_medium=PDF&utm_campaign=PDFCoverPages
CHAPTER I (INTRODUCTION)

--ANTHONY
Abstract: Brief summary of the research, including purpose, methodology, key findings, and
conclusions. (Approximately 150-250 words)
(Quick review of the overall paper)

--VIEN
Introduction:
Background of malware analysis.
Objectives of the research.
Significance of malware analysis.

CHAPTER II (BODY) what, where, when, who, why, how is malware analysis, malware
--CESS
Literature Review:
Introduction to the literature review.
Review of relevant literature on malware analysis. (3 RRLs)
Discussion of key concepts, methodologies, and findings in previous research related to
malware analysis.
(Identification of gaps in existing literature.)

--JOSEPHINE HANNA
Brief Discussion:

CHAPTER III
--AXLE08
Results: Presentation of findings from the malware analysis.
Analysis of malware samples and their characteristics.
Description of common patterns or behaviors observed in malware.
Presentation of any statistical data or visualizations related to malware analysis.

--JAMES04
Discussion: Interpretation of the results in the context of the research objectives.
Comparison of findings with previous research on malware analysis.
Discussion of implications of the findings for cybersecurity practices.
Exploration of limitations and potential biases in the malware analysis.
--BOXSXSXSX JUANI04
Conclusion: Summary of key findings from the malware analysis.
Concluding remarks on the significance of the research.
Suggestions for future research directions in malware analysis.
References: List of all sources cited in the paper using a standardized citation style (e.g.,
APA, MLA, Chicago).
Links

Intezer (2021). The role of malware analysis in cybersecurity. https://intezer.com/blog/malware-analysis/the-role-of-malware-analysis-in-cybersecurity/

Johnson (2022). Why is malware analysis important. TechTarget. https://www.techtarget.com/searchsecurity/feature/Why-is-malware-analysis-important

Abusitta (2021). https://www.sciencedirect.com/science/article/abs/pii/S2214212621000648?via%3Dihub&fbclid=IwAR0VnXkQVge_wT32v-whhOI5OIM0P21sfSumVY_d9vQ4hIoQpmb4_L5YVNs

Sabbah, A., et al. (2023). Android Malware Detection: A Literature Review. https://www.researchgate.net/publication/368535484_Android_Malware_Detection_A_Literature_Review
