Advanced malware continues to be a challenge in the digital world that signature-based detection techniques fail to overcome. Malware uses many anti-detection techniques to mutate, so no virus scanner can claim complete malware detection even for known malware. Static and dynamic analysis techniques focus on different kinds of malware, such as evasive or metamorphic malware. This paper proposes a comprehensive approach that combines static checking and dynamic analysis for malware detection. Static analysis is used to check specific code characteristics; dynamic analysis is used to analyze the runtime behavior of the malware. The authors propose a framework for the automated analysis of an executable's behavior using text mining. Text mining of dynamic attributes identifies the important features for classifying the executable as benign or malware. The synergistic combination proposed in this paper allows detection not only of known malware variants but also of obfuscated, packed and unknown malware variants, and of malware that evades dynamic analysis.
Metamorphic malware is the most challenging threat in the digital world; it is quite advanced and has substantially reduced the significance of signature-based detection. This malware uses code obfuscation to mutate and takes numerous forms, thereby increasing the size of the signature database and making it unmanageable and incomplete in covering all variants. This is the major reason why no anti-virus company can claim 100% detection even for non-zero-day malware. When malware is encrypted or packed, static analysis is not possible. In such cases, dynamic analysis appears to be the most obvious solution, but the challenge lies in finding out how to analyze behavior to detect malware in an automated manner and how to quantize behavior. An approach is required here that specifies how to analyze a dynamic report and how we can prepare a model that can help make the detection decision. This is what we look for in this paper.
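Both abstracts above describe the same pipeline in outline: a sandbox produces a behaviour report for each executable, text mining of that report yields features, the features that best separate the two classes are kept, and a model built on them classifies unseen executables. The following is an added example, not code from either paper, that sketches one concrete instance of that pipeline. The behaviour reports are constructed for illustration in the style of a sandbox log (one API event per line); the tokenization scheme (API name plus coarse path, registry and network classes), the document-frequency-gap feature score and the Bernoulli naive Bayes model are choices made here, not the methods the papers evaluate.

```python
"""Text mining of dynamic-analysis reports: tokenize each behaviour report
into features, rank the features by how well they separate malware from
benign executables, and classify an unseen report using the top features.

Added example; the reports below are constructed and are not taken from
any paper or real sample."""
import math
import re
from collections import Counter

# Constructed training reports, label -> list of sandbox-style behaviour reports.
TRAINING = {
    "malware": [
        r"""CreateFile C:\Users\u\AppData\Local\Temp\svc.exe
WriteFile C:\Users\u\AppData\Local\Temp\svc.exe
RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc
CreateProcess C:\Users\u\AppData\Local\Temp\svc.exe
Connect 198.51.100.7:443""",
        r"""CreateFile C:\Users\u\AppData\Roaming\upd.exe
WriteFile C:\Users\u\AppData\Roaming\upd.exe
RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd
Connect 203.0.113.9:8080
CreateRemoteThread explorer.exe""",
        r"""CreateFile C:\Windows\Temp\a.dll
WriteFile C:\Windows\Temp\a.dll
CreateRemoteThread svchost.exe
Connect 198.51.100.23:80""",
    ],
    "benign": [
        r"""CreateFile C:\Users\u\Documents\report.docx
ReadFile C:\Users\u\Documents\report.docx
WriteFile C:\Users\u\Documents\report.docx
RegQueryValue HKCU\Software\Vendor\Editor\RecentFiles""",
        r"""CreateFile C:\Program Files\Vendor\app.cfg
ReadFile C:\Program Files\Vendor\app.cfg
Connect 192.0.2.10:443
RegQueryValue HKLM\Software\Vendor\App\Version""",
        r"""CreateFile C:\Users\u\Pictures\img.png
ReadFile C:\Users\u\Pictures\img.png
CreateProcess C:\Program Files\Vendor\viewer.exe""",
    ],
}

# Constructed unseen reports used to exercise the classifier.
UNSEEN_MALWARE = r"""CreateFile C:\Users\u\AppData\Local\Temp\ld.exe
WriteFile C:\Users\u\AppData\Local\Temp\ld.exe
RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ld
Connect 203.0.113.44:443"""
UNSEEN_BENIGN = r"""CreateFile C:\Users\u\Documents\notes.txt
ReadFile C:\Users\u\Documents\notes.txt
RegQueryValue HKCU\Software\Vendor\Editor\Settings"""


def tokenize(report):
    """Text-mine one behaviour report into a set of binary features.

    Each line yields the API name plus coarse classes of its argument
    (file extension, temp/appdata directories, autorun key, IP:port)."""
    feats = set()
    for line in report.strip().splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue
        api = parts[0].lower()
        arg = parts[1].lower() if len(parts) > 1 else ""
        feats.add("api:" + api)
        ext = re.search(r"\.([a-z0-9]{1,4})$", arg)
        if ext:
            feats.add("ext:" + ext.group(1))
        if "\\temp\\" in arg:
            feats.add("dir:temp")
        if "\\appdata\\" in arg:
            feats.add("dir:appdata")
        if "\\currentversion\\run" in arg:
            feats.add("key:autorun")
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}:\d+", arg):
            feats.add("net:connect")
    return feats


def rank_features(labelled):
    """Score each feature by the gap between its malware and benign document
    frequency (positive: more common in malware). Returns (feature, score)
    pairs, strongest separators first; ties are broken by feature name."""
    rate = {}
    for label, reports in labelled.items():
        featsets = [tokenize(r) for r in reports]
        df = Counter(f for fs in featsets for f in fs)
        rate[label] = {f: n / len(featsets) for f, n in df.items()}
    all_feats = set().union(*rate.values())
    scores = {f: round(rate["malware"].get(f, 0.0) - rate["benign"].get(f, 0.0), 6)
              for f in all_feats}
    return sorted(scores.items(), key=lambda kv: (-abs(kv[1]), kv[0]))


class ReportClassifier:
    """Bernoulli naive Bayes over the k best-separating report features."""

    def __init__(self, k=12):
        self.k = k
        self.features = []
        self.prior = {}
        self.cond = {}  # label -> feature -> P(feature present | label)

    def fit(self, labelled):
        self.features = [f for f, _ in rank_features(labelled)[: self.k]]
        total = sum(len(r) for r in labelled.values())
        for label, reports in labelled.items():
            featsets = [tokenize(r) for r in reports]
            df = Counter(f for fs in featsets for f in fs)
            self.prior[label] = len(reports) / total
            # Laplace smoothing: a feature unseen in one class must not zero it out.
            self.cond[label] = {f: (df[f] + 1) / (len(reports) + 2) for f in self.features}
        return self

    def predict(self, report):
        present = tokenize(report)
        best_label, best_score = None, -math.inf
        for label, prior in self.prior.items():
            score = math.log(prior)
            for f in self.features:
                p = self.cond[label][f]
                score += math.log(p if f in present else 1.0 - p)
            if score > best_score:
                best_label, best_score = label, score
        return best_label


if __name__ == "__main__":
    for feat, score in rank_features(TRAINING)[:8]:
        print(f"{feat:24s} {score:+.2f}")
    clf = ReportClassifier().fit(TRAINING)
    print("unseen malware ->", clf.predict(UNSEEN_MALWARE))
    print("unseen benign  ->", clf.predict(UNSEEN_BENIGN))
```

The ranking step is what the abstracts call identifying the important features: on these constructed reports the autorun key, temp/appdata drops and network connects score positively, while `ReadFile` and `RegQueryValue` score negatively. A real system would train on thousands of reports and use a proper feature-selection criterion and model, but the shape of the pipeline is the same.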
Ransomware attacks have risen exponentially over the past decade, with increasing severity, potential to cause damage, and ease of carrying out an attack. Conventional anti-malware techniques are compelled to include advanced ransomware detection mechanisms. This paper presents the results of the study and analysis of ransomware executable files in order to identify the characteristic properties that distinguish ransomware from other malware and from benign executable files. The program binaries are analyzed statically and dynamically to observe the typical behaviour and structure of ransomware. Using dynamic and static analysis techniques, ransomware-specific properties are extracted from the executable files. The experiments show that higher classification accuracy with machine learning algorithms is achieved by combining these properties with the set of generic malware properties used for malware detection. Static and debug-time analysis of ransomware identified 9 specific properties; when these are added to 60 generic properties for malware detection, the classification accuracy increases. Along with these properties, 7 dynamic behavior patterns specific to ransomware are identified. This research work can be further enhanced by addressing the challenges present in this work, such as the evasive behavior of certain ransomware and their system-locking property.