MalDAE: Detecting and explaining malware based on correlation and fusion of static and dynamic characteristics

Han, Wanjiang; Xue, Jingfeng; Wang, Yong; Huang, Lu; Kong, Zixiao; Mao, Limin

doi:10.1016/j.cose.2019.02.007

Cited by 112 publications

(51 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the process of classification, the authors found that 30% of the papers are based on static analysis approaches. For example, a method of Application Security Triage (MAST) helps in malware selection by statistical analysis approach [31][32][33][34][35]. The authors of this SLR also found similar static analysis studies that proposed a better research environment.…”

Section: Ranking Examinationmentioning

confidence: 89%

Malware Analysis in Web Application Security: An Investigation and Suggestion

Pandey¹,

Alsolami²

2020

IJACSA

View full text Add to dashboard Cite

Malware analysis is essentially used for the identification of malware and its objectives. However, the present era has seen the process of malware analysis being used for enhancing security methods for different domains of technology. This study has attempted to analyze the current situation and status of malware analysis in web application security through some objectives. These objectives helps the authors to analyze the purpose, used methodology of malware analysis in web application security previously as well as authors select and find a prioritized technique of malware analysis through a hybrid multi criteria decision making procedure called fuzzy-Analytical Hierarchy Process. This fuzzy-AHP methodology helps the authors to find and recommend a most prioritized malware analysis techniques and type as well as suggest a ranking of various malware analysis techniques that used in web application security frequently for experts and developers use. Furthermore, second section of paper forecast the attack statistics and publication statistics of malwares and malware analysis in web application security respectively for understanding the sensitivity of topic and need of investigation. The proposed tactic intends to be an effective reckoner for web developers and facilitate in malware analysis for securing web applications. Additionally, the study also forecast the publication and attack scenario of malware and malware analysis for web application security that gives a complimentary overview of domain.

show abstract

Section: Ranking Examinationmentioning

confidence: 89%

Malware Analysis in Web Application Security: An Investigation and Suggestion

Pandey¹,

Alsolami²

2020

IJACSA

View full text Add to dashboard Cite

show abstract

“…In another category of malware, malicious components are downloaded at run-time, which requires dynamic analysis to detect these malwares [8]. For instance, the authors [9] have provided a method for detecting malware concerning the correlation between static and dynamic features. Also, the authors [10] have come up with a way to detect malware in Android applications, by combining static analysis and outlier detection.…”

Section: General Definitionmentioning

confidence: 99%

Similarity-based Android malware detection using Hamming distance of static binary features

Taheri

Ghahramani

Javidan

et al. 2020

Future Generation Computer Systems

156

View full text Add to dashboard Cite

In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed detection methods and related algorithms. We include an extensive analysis to asses the suitability of our proposed similaritybased detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions, the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with existing state-of-the-art solutions. * Corresponding author Email addresses: r.taheri@sutech.ac.ir (Rahim Taheri), m.ghahramani@sutech.ac.ir (Meysam Ghahramani), r.javidan@sutech.ac.ir (Reza Javidan), mohammad.shojafar@ryerson.ca (Mohammad Shojafar),

show abstract

“…Similarity-based machine learning algorithms, such as LCS, Minkowski distance, and Cosine similarity, are then trained using these features to classify the samples into benign and malicious classes. Similarly, authors of [20], propose a malware detection framework, MalDAE, that correlates dynamic and static features from the sequence of API calls. Experimental results of both works have shown that although the syntax of the dynamic and static API call features is different, there is a semantic mapping and clear relation between them.…”

Section: Malware Detectionmentioning

confidence: 99%