Skip to main content
SpringerLink
Log in

Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods

  • Conference paper
  • First Online:
Innovative Security Solutions for Information Technology and Communications (SECITC 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11359))

Abstract

While increasing the threat of malware for information systems, researchers strive to find alternative malware detection methods based on static, dynamic and hybrid analysis. Due to obfuscation techniques to bypass the static analysis, dynamic methods become more useful to detect malware. Therefore, most of the researches focus on dynamic behavior analysis of malicious software. In this work, our main objective is to find more discriminative dynamic features to detect malware executables by analyzing different dynamic features with common malware detection approaches. Moreover, we analyze separately different features obtained in dynamic analysis, such as API-call, usage system library and operations, to observe the contributions of these features to malware detection and classification success. For this purpose, we evaluate the performance of some dynamic feature-based malware detection and classification approaches using four data sets that contain real and synthetic malware executables.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. AV-Test GmbH AV-Test malware statistics Technical report 2017. https://www.av-test.org. Accessed 18 Oct 2018

  2. Rad, B.B., Masrom, M., Ibrahim, S.: Camouflage in malware: from encryption to metamorphism. Int. J. Comput. Sci. Netw. Secur. 12(8), 74–83 (2012)

    Google Scholar 

  3. Szor, P., Ferrie, P.: Hunting for metamorphic. In: Virus Bulletin Conference, pp. 123–144, Abingdon (2001)

    Google Scholar 

  4. Han, K.S., Kang, B., Im, E.G.: Malware classification using instruction frequencies. In: Proceedings of the 2011 ACM Symposium on Research in Applied Computation, pp. 298–300. ACM (2011)

    Google Scholar 

  5. Lee, J., Jeong, K., Lee, H.: Detecting metamorphic malwares using code graphs. In: Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 1970–1977. ACM (2010)

    Google Scholar 

  6. Alam, S., Sogukpinar, I., Traore, I., Horspool, R.N.: Sliding window and control flow weight for metamorphic malware detection. J. Comput. Virol. Hacking Tech. 11(2), 75–88 (2015)

    Article  Google Scholar 

  7. Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. (CSUR) 44(2), 6 (2012)

    Article  Google Scholar 

  8. Bayer, U., Kirda, E., Kruegel, C.: Improving the efficiency of dynamic malware analysis. In: Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 1871–1878. ACM (2010)

    Google Scholar 

  9. Bai, J., An, Z., Zou, Z., Mu, S.: A dynamic malware detection approach by mining the frequency of API calls. In: Applied Mechanics and Materials, vol. 519–520, pp. 309–312 (2014)

    Google Scholar 

  10. Hansen, S.S., Larsen, T.M.T., Stevanovic, M., Pedersen, J.M.: An approach for detection and family classification of malware based on behavioral analysis. In: 2016 International Conference on Computing, Networking and Communications (ICNC), pp. 1–5. IEEE (2016)

    Google Scholar 

  11. Shaid, S.Z.M., Maarof, M.A.: Malware behavior image for malware variant identification. In: 2014 International Symposium on Biometrics and Security Technologies (ISBAST), pp. 238–243. IEEE (2014)

    Google Scholar 

  12. PektaÅŸ, A.: Behavior based malware classification using online machine learning. Doctoral dissertation, Grenoble Alpes (2015)

    Google Scholar 

  13. Imran, M., Afzal, M.T., Qadir, M.A.: Using hidden Markov model for dynamic malware analysis: first impressions. In: 2015 12th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), pp. 816–821. IEEE (2015)

    Google Scholar 

  14. Ki, Y., Kim, E., Kim, H.K.: A novel approach to detect malware based on API call sequence analysis. Int. J. Distrib. Sens. Netw. 11(6), 659101 (2015)

    Article  Google Scholar 

  15. Choudhary, S.P., Vidyarthi, M.D.: A simple method for detection of metamorphic malware using dynamic analysis and text mining. Procedia Comput. Sci. 54, 265–270 (2015)

    Article  Google Scholar 

  16. Yu, B., Fang, Y., Yang, Q., Tang, Y., Liu, L.: A survey of malware behavior description and analysis. Front. Inf. Technol. Electr. Eng. 19(5), 583–603 (2018)

    Article  Google Scholar 

  17. Udayakumar, N., Anandaselvi, S., Subbulakshmi, T.: Dynamic malware analysis using machine learning algorithm. In: 2017 International Conference on Intelligent Sustainable Systems (ICISS), pp. 795–800. IEEE (2017)

    Google Scholar 

  18. Choi, Y.H., Han, B.J., Bae, B.C., Oh, H.G., Sohn, K.W.: Toward extracting malware features for classification using static and dynamic analysis. In: 2012 8th International Conference on Computing and Networking Technology (ICCNT), pp. 126–129. IEEE (2012)

    Google Scholar 

  19. Gandotra, E., Bansal, D., Sofat, S.: Zero-day malware detection. In: 2016 Sixth International Symposium on Embedded Computing and System Design (ISED), pp. 171–175. IEEE (2016)

    Google Scholar 

  20. Firdausi, I., Erwin, A., Nugroho, A.S.: Analysis of machine learning techniques used in behavior-based malware detection. In: 2010 Second International Conference on Advances in Computing, Control and Telecommu-nication Technologies (ACT), pp. 201–203. IEEE (2010)

    Google Scholar 

  21. Sikorski, M., Honig, A.: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, San Francisco (2012)

    Google Scholar 

  22. Arends, J., Kerstin, I.: Malware Analysis (2018)

    Google Scholar 

  23. Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using cwsandbox. IEEE Secur. Priv. 5(2) (2007)

    Article  Google Scholar 

  24. The Cuckoo sandbox. http://www.cuckoosandbox.org/. Accessed 18 Oct 2018

  25. Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20(7), 504–513 (1977)

    Article  Google Scholar 

  26. Windows API Index. Tech Article 2018. https://docs.microsoft.com/en-us/windows/desktop/apiindex/windows-api-list. Accessed 18 Oct 2018

  27. Aizawa, A.: An information-theoretic perspective of TF-IDF measures. Inf. Process. Manage. 39(1), 45–65 (2003)

    Article  MathSciNet  Google Scholar 

  28. Nair, V.P., Jain, H., Golecha, Y.K., Gaur, M.S., Laxmi, V.: MEDUSA: MEtamorphic malware dynamic analysis usingsignature from API. In: Proceedings of the 3rd International Conference on Security of Information and Networks, pp. 263–269. ACM (2010)

    Google Scholar 

  29. Kim, C. W.: NtMalDetect: A Machine Learning Approach to Malware Detection Using Native API System Calls. arXiv preprint arXiv:1802.05412 (2018)

  30. Eskandari, M., Khorshidpur, Z., Hashemi, S.: To incorporate sequential dynamic features in malware detection engines. In: Intelligence and Security Informatics Conference (EISIC) 2012 European, pp. 46–52. IEEE (2012)

    Google Scholar 

  31. Cavnar, W.B., Trenkle, J.M.: N-gram-based text categorization. Ann Arbor MI 48113(2), 161–175 (1994)

    Google Scholar 

  32. Stamp, M.: A Revealing Introduction to Hidden Markov Models. Department of Computer Science, San Jose State University, pp. 26–56 (2004)

    Google Scholar 

  33. Damodaran, A., Di Troia, F., Visaggio, C.A., Austin, T.H., Stamp, M.: A comparison of static, dynamic, and hybrid analysis for malware detection. J. Comput. Virol. Hacking Tech. 13(1), 1–12 (2017)

    Article  Google Scholar 

  34. Wong, W., Stamp, M.: Hunting for metamorphic engines. J. Comput. Virol. 2(3), 211–229 (2006)

    Article  Google Scholar 

  35. Heavens, VX.: http://83.133.184.251/virensimulation.org/. Accessed 18 Oct 2018

  36. Sridhara, S.M., Stamp, M.: Metamorphic worm that carries its own morphing engine. J. Comput. Virol. Hacking Tech. 9(2), 49–58 (2013)

    Article  Google Scholar 

  37. Souri, A., Hosseini, R.: A state-of-the-art survey of malware detection approaches using data mining techniques. Hum.-centric Comput. Inf. Sci. 8(1), 3 (2018)

    Article  Google Scholar 

  38. WekaTool. https://www.cs.waikato.ac.nz/ml/weka/. Accessed 18 Oct 2018

  39. Hall, M.A.: Correlation-based feature subset selection for machine learning. Thesis sub-mitted in partial fulfillment of the requirements of the degree of Doctor of Philosophy at the University of Waikato (1998)

    Google Scholar 

Download references

Acknowledgment

This work was supported by the Scientific and Technological Research Council of Turkey (TUBITAK), Grant No: ARDEB-116E624.

Author information

Authors and Affiliations

  1. Gebze Technical University, 41400, Kocaeli, Turkey

    Arzu Gorgulu Kakisim, Mert Nar, Necmettin Carkaci & Ibrahim Sogukpinar

Authors
  1. Arzu Gorgulu Kakisim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mert Nar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Necmettin Carkaci
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ibrahim Sogukpinar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Arzu Gorgulu Kakisim .

Editor information

Editors and Affiliations

  1. Inria-RBA, Rennes, France

    Jean-Louis Lanet

  2. Bucharest University of Economic Studies, Bucharest, Romania

    Cristian Toma

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kakisim, A.G., Nar, M., Carkaci, N., Sogukpinar, I. (2019). Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12942-2_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12941-5

  • Online ISBN: 978-3-030-12942-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation