Dynamic VSA: a framework for malware detection based on register contents

Ghiasi, Mahboobe; Sami, Ashkan; Salehi, Zahra

doi:10.1016/j.engappai.2015.05.008

Cited by 43 publications

(25 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also this objective has been deeply studied in literature, and several reviewed papers target the detection of variants. Given a malicious sample m, variants detection consists in selecting from the available knowledge base the samples that are variants of m [37,30,38,39,40,41].…”

Section: Malware Similarity Analysismentioning

confidence: 99%

“…Supervised learning is the task of gaining knowledge by providing statistical models with correct instance examples, during a preliminary phase called training. The supervised algorithms used by reviewed papers are rule-based classifier [11,29,30,67,40,78,60,13], Bayes classifier [61,20,26,51,35], Naïve Bayes [11,12,15,26,51,67,35], Bayesian Network [21,61,20], Support Vector Machine (SVM) [12,13,15,16,65,66,48,49,61,20,24,26,31,29,51,52,53,67,35], Multiple Kernel Learning [18], Prototype-based Classification [57], Decision Tree [12,13,15,4...…”

Section: Supervised Learningmentioning

confidence: 99%

See 1 more Smart Citation

Survey of machine learning techniques for malware analysis

Ucci

Aniello

Baldoni

2019

Computers & Security

415

189

View full text Add to dashboard Cite

Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the most common approaches in literature is using machine learning techniques, to automatically learn models and patterns behind such complexity, and to develop technologies to keep pace with malware evolution. This survey aims at providing an overview on the way machine learning has been used so far in the context of malware analysis in Windows environments, i.e. for the analysis of Portable Executables. We systematize surveyed papers according to their objectives (i.e., the expected output), what information about malware they specifically use (i.e., the features), and what machine learning techniques they employ (i.e., what algorithm is used to process the input and produce the output). We also outline a number of issues and challenges, including those concerning the used datasets, and identify the main current topical trends and how to possibly advance them. In particular, we introduce the novel concept of malware analysis economics, regarding the study of existing trade-offs among key metrics, such as analysis accuracy and economical costs.

show abstract

Section: Malware Similarity Analysismentioning

confidence: 99%

Section: Supervised Learningmentioning

confidence: 99%

Survey of machine learning techniques for malware analysis

Ucci

Aniello

Baldoni

2019

Computers & Security

415

189

View full text Add to dashboard Cite

show abstract

“…is called dynamic analysis. Before executing the malware sample, the appropriate monitoring tools like Process Monitor [13] and Capture BAT [14] (for file system and registry monitoring), Process Explorer [15] and Process Hackerreplace [16] (for process monitoring), Wireshark [17] (for network monitoring) and Regshot [18] (for system change detection) are installed and activated. Various techniques that can be applied to perform dynamic analysis include function call monitoring, function parameter analysis, information flow tracking, instruction traces and autostart extensibility points etc.…”

Section: Dynamic Analysismentioning

confidence: 99%

“…Many studies use static analysis for malware detection using exact decompilation [16], similarity testing framework [17], based on register contents [18], using two-dimensional binary program features [19], subroutine based detection [20], statistics of assembly instructions [21], file relation graphs [22], de-anonymizing programmers via code stylometry [23], based upon a wavelet package technique [24], analysis and comparison of disassemblers for opcode [25].…”

mentioning

confidence: 99%

A Survey on Malware Detection and Analysis Tools

Talukder¹,

Talukder²

2020

IJNSA

View full text Add to dashboard Cite

The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools.

show abstract

“…Malware is known as a malicious application that has been obviously considered to damage the networks and computers [2]. The malware detection design depends on a signature database [3,4]. For example, a file can be examined with comparison of its bytes using signatures database.…”

Section: Introductionmentioning

confidence: 99%

A Data Mining Classification Approach for Behavioral Malware Detection

Norouzi

Souri

Zamini

2016

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

Data mining techniques have numerous applications in malware detection. Classification method is one of the most popular data mining techniques. In this paper we present a data mining classification approach to detect malware behavior. We proposed different classification methods in order to detect malware based on the feature and behavior of each malware. A dynamic analysis method has been presented for identifying the malware features. A suggested program has been presented for converting a malware behavior executive history XML file to a suitable WEKA tool input. To illustrate the performance efficiency as well as training data and test, we apply the proposed approaches to a real case study data set using WEKA tool. The evaluation results demonstrated the availability of the proposed data mining approach. Also our proposed data mining approach is more efficient for detecting malware and behavioral classification of malware can be useful to detect malware in a behavioral antivirus.

show abstract

Dynamic VSA: a framework for malware detection based on register contents

Cited by 43 publications

References 33 publications

Survey of machine learning techniques for malware analysis

Survey of machine learning techniques for malware analysis

A Survey on Malware Detection and Analysis Tools

A Data Mining Classification Approach for Behavioral Malware Detection

Contact Info

Product

Resources

About