2008
DOI: 10.1145/2089125.2089126
|View full text |Cite
|
Sign up to set email alerts
|

A survey on automated dynamic malware-analysis techniques and tools

Abstract: Anti-virus vendors are confronted with a multitude of potentially malicious samples today. Receiving thousands of new samples every day is not uncommon. The signatures that detect confirmed malicious threats are mainly still created manually, so it is important to discriminate between samples that pose a new unknown threat and those that are mere variants of known malware. This survey article provides an overview of techniques based on dynamic analysis that are used to analyze potentially malicious s… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
418
0
8

Year Published

2014
2014
2023
2023

Publication Types

Select...
6
2
1

Relationship

0
9

Authors

Journals

citations
Cited by 672 publications
(426 citation statements)
references
References 32 publications
0
418
0
8
Order By: Relevance
“…Malware detectors typically use high-level information such as behavior models of programs based on system calls, accessed/created files and thread creation events [22] to capture common features of malware. In contrast, MAP uses low-level information that can be collected during the execution of programs such as architectural events, instructions and memory addresses, and the mix of executed instruction types.…”
Section: Background and Preliminaries: Sub-semantic Malware Detectionmentioning
confidence: 99%
See 1 more Smart Citation
“…Malware detectors typically use high-level information such as behavior models of programs based on system calls, accessed/created files and thread creation events [22] to capture common features of malware. In contrast, MAP uses low-level information that can be collected during the execution of programs such as architectural events, instructions and memory addresses, and the mix of executed instruction types.…”
Section: Background and Preliminaries: Sub-semantic Malware Detectionmentioning
confidence: 99%
“…The problem is especially critical for mobile environments where the energy cost of detection imposes limits on the effort that a system can dedicate to online malware detection. These difficulties often limit malware detection to static signature-based virus scanning tools [22] which have known limitations [44] that allow attackers to bypass them and remain undetected.…”
Section: Introductionmentioning
confidence: 99%
“…Zero-day exploits also defy signature based static analysis since their signatures have not been yet encountered in the wild. This necessitates the use of dynamic detection techniques [9] that can detect the malicious behavior during execution, often based on the detection of anomalies, rather than signatures [4,16]. However, the complexity and difficulty of continuous dynamic monitoring have traditionally limited its use.…”
Section: Introductionmentioning
confidence: 99%
“…In order to thwart those threats, anti-viruses vendors adapted their detection mechanisms to Android applications. Since it uses signature based detection, this approach is designed to catch only known threats [2]. Detecting Android malware is not an easy task.…”
Section: Introductionmentioning
confidence: 99%