Malware behaviour analysis

Wagener, Gerard; State, Radu; Dulaunoy, Alexandre

doi:10.1007/s11416-007-0074-9

Cited by 95 publications

(41 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Any malicious software for execution or replications invokes some kernel level system call to communicate with operating system; it is a sign of malicious activity. In [22,21,25], addressed automatic behavior analysis using Windows API calls, instruction set, control flow graph, function parameter analysis and system calls are used as features.…”

Section: Feature Extraction Methodsmentioning

confidence: 99%

Comparative Analysis of Feature Extraction Methods of Malware Detection

Ranveer¹,

Hiray²

2015

IJCA

View full text Add to dashboard Cite

Recent years have encountered massive growth in malwares which poses a severe threat to modern computers and internet security. Existing malware detection systems are confronting with unknown malware variants. Recently developed malware detection systems investigated that the diverse forms of malware exhibit similar patterns in their structure with minor variations. Hence, it is required to discriminate the types of features extracted for detecting malwares. So that potential of malware detection system can be leveraged to combat with unfamiliar malwares. We mainly focus on the categorization of features based on malware analysis. This paper highlights general framework of malware detection system and pinpoints strengths and weaknesses of each method. Finally we presented overview of performance of present malware detection systems based on features.

show abstract

Section: Feature Extraction Methodsmentioning

confidence: 99%

Comparative Analysis of Feature Extraction Methods of Malware Detection

Ranveer¹,

Hiray²

2015

IJCA

View full text Add to dashboard Cite

show abstract

“…Wagener et al [9] extracted the behavior information of malware by observing that malware invoked the system functions. Then, they compared the malware' API invocation information and calculated similarities among malware variants.…”

Section: Literature Surveymentioning

confidence: 99%

ESAA: Efficient Sequence Alignment Algorithm for Dynamic Malware Analysis in Windows Executable Using API Call Sequence

Jerlin¹,

Jayakumar²

2017

IJIES

View full text Add to dashboard Cite

Detection of malware has become more challenging today because of the advancements and technologies adapted to corrupt the network or the devices. Static, dynamic and hybrid malware detection analysis methods have failed to provide complete malware detection. Hence in this work, a bio inspired sequence alignment method used in bioinformatics to compare the similarity between amino acid sequences in protein structures has been adapted to give the best similarity score to detect malwares. The state of art sequence alignment methods like Smith Water Man Algorithm (SWMA) used in bio informatics suffers from the problem of more memory utilization and computation time which is in the order of n2 ie., (O(n2)) and hence in this work an efficient sequence alignment algorithm (ESSA) has been proposed to address the problem of memory utilization thereby making the memory utilization and computation time to the order of n ie., (O(n)) there by making the detection rate higher. It is also clear from the results that the similarity score is high when the sequence length is small. The accuracy of the prediction rate of malware and benign increases.

show abstract

“…A lot of researchers rely on an analytic setting of virtual machines, as described in a work e.g. by Wagener, State, & Dulaunoy (2008). A potentially malicious code is executed and analyzed in a virtual environment without a risk of damaging the host system.…”

Section: Secure Environments For Unknown Code Testingmentioning

confidence: 99%

Security Measures in Automated Assessment System for Programming Courses

Stastna¹,

Juhár²,

Binas³

et al. 2015

AIP

View full text Add to dashboard Cite

A desirable characteristic of programming code assessment is to provide the learner the most appropriate information regarding the code functionality as well as a chance to improve. This can be hardly achieved in case the number of learners is high (500 or more). In this paper we address the problem of risky code testing and availability of an assessment platform Arena, dealing with potential security risks when providing an automated assessment for a large set of source code. Looking at students' programs as if they were potentially malicious inspired us to investigate separated execution environments, used by security experts for secure software analysis. The results also show that availability issues of our assessment platform can be conveniently resolved with task queues. A special attention is paid to Docker, a virtual container ensuring no risky code can affect the assessment system security. The assessment platform Arena enables to regularly, effectively and securely assess students' source code in various programming courses. In addition to that it is a motivating factor and helps students to engage in the educational process.

show abstract

Malware behaviour analysis

Cited by 95 publications

References 13 publications

Comparative Analysis of Feature Extraction Methods of Malware Detection

Comparative Analysis of Feature Extraction Methods of Malware Detection

ESAA: Efficient Sequence Alignment Algorithm for Dynamic Malware Analysis in Windows Executable Using API Call Sequence

Security Measures in Automated Assessment System for Programming Courses

Contact Info

Product

Resources

About