Abstract
While increasing the threat of malware for information systems, researchers strive to find alternative malware detection methods based on static, dynamic and hybrid analysis. Due to obfuscation techniques to bypass the static analysis, dynamic methods become more useful to detect malware. Therefore, most of the researches focus on dynamic behavior analysis of malicious software. In this work, our main objective is to find more discriminative dynamic features to detect malware executables by analyzing different dynamic features with common malware detection approaches. Moreover, we analyze separately different features obtained in dynamic analysis, such as API-call, usage system library and operations, to observe the contributions of these features to malware detection and classification success. For this purpose, we evaluate the performance of some dynamic feature-based malware detection and classification approaches using four data sets that contain real and synthetic malware executables.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AV-Test GmbH AV-Test malware statistics Technical report 2017. https://www.av-test.org. Accessed 18 Oct 2018
Rad, B.B., Masrom, M., Ibrahim, S.: Camouflage in malware: from encryption to metamorphism. Int. J. Comput. Sci. Netw. Secur. 12(8), 74–83 (2012)
Szor, P., Ferrie, P.: Hunting for metamorphic. In: Virus Bulletin Conference, pp. 123–144, Abingdon (2001)
Han, K.S., Kang, B., Im, E.G.: Malware classification using instruction frequencies. In: Proceedings of the 2011 ACM Symposium on Research in Applied Computation, pp. 298–300. ACM (2011)
Lee, J., Jeong, K., Lee, H.: Detecting metamorphic malwares using code graphs. In: Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 1970–1977. ACM (2010)
Alam, S., Sogukpinar, I., Traore, I., Horspool, R.N.: Sliding window and control flow weight for metamorphic malware detection. J. Comput. Virol. Hacking Tech. 11(2), 75–88 (2015)
Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. (CSUR) 44(2), 6 (2012)
Bayer, U., Kirda, E., Kruegel, C.: Improving the efficiency of dynamic malware analysis. In: Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 1871–1878. ACM (2010)
Bai, J., An, Z., Zou, Z., Mu, S.: A dynamic malware detection approach by mining the frequency of API calls. In: Applied Mechanics and Materials, vol. 519–520, pp. 309–312 (2014)
Hansen, S.S., Larsen, T.M.T., Stevanovic, M., Pedersen, J.M.: An approach for detection and family classification of malware based on behavioral analysis. In: 2016 International Conference on Computing, Networking and Communications (ICNC), pp. 1–5. IEEE (2016)
Shaid, S.Z.M., Maarof, M.A.: Malware behavior image for malware variant identification. In: 2014 International Symposium on Biometrics and Security Technologies (ISBAST), pp. 238–243. IEEE (2014)
PektaÅŸ, A.: Behavior based malware classification using online machine learning. Doctoral dissertation, Grenoble Alpes (2015)
Imran, M., Afzal, M.T., Qadir, M.A.: Using hidden Markov model for dynamic malware analysis: first impressions. In: 2015 12th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), pp. 816–821. IEEE (2015)
Ki, Y., Kim, E., Kim, H.K.: A novel approach to detect malware based on API call sequence analysis. Int. J. Distrib. Sens. Netw. 11(6), 659101 (2015)
Choudhary, S.P., Vidyarthi, M.D.: A simple method for detection of metamorphic malware using dynamic analysis and text mining. Procedia Comput. Sci. 54, 265–270 (2015)
Yu, B., Fang, Y., Yang, Q., Tang, Y., Liu, L.: A survey of malware behavior description and analysis. Front. Inf. Technol. Electr. Eng. 19(5), 583–603 (2018)
Udayakumar, N., Anandaselvi, S., Subbulakshmi, T.: Dynamic malware analysis using machine learning algorithm. In: 2017 International Conference on Intelligent Sustainable Systems (ICISS), pp. 795–800. IEEE (2017)
Choi, Y.H., Han, B.J., Bae, B.C., Oh, H.G., Sohn, K.W.: Toward extracting malware features for classification using static and dynamic analysis. In: 2012 8th International Conference on Computing and Networking Technology (ICCNT), pp. 126–129. IEEE (2012)
Gandotra, E., Bansal, D., Sofat, S.: Zero-day malware detection. In: 2016 Sixth International Symposium on Embedded Computing and System Design (ISED), pp. 171–175. IEEE (2016)
Firdausi, I., Erwin, A., Nugroho, A.S.: Analysis of machine learning techniques used in behavior-based malware detection. In: 2010 Second International Conference on Advances in Computing, Control and Telecommu-nication Technologies (ACT), pp. 201–203. IEEE (2010)
Sikorski, M., Honig, A.: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, San Francisco (2012)
Arends, J., Kerstin, I.: Malware Analysis (2018)
Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using cwsandbox. IEEE Secur. Priv. 5(2) (2007)
The Cuckoo sandbox. http://www.cuckoosandbox.org/. Accessed 18 Oct 2018
Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20(7), 504–513 (1977)
Windows API Index. Tech Article 2018. https://docs.microsoft.com/en-us/windows/desktop/apiindex/windows-api-list. Accessed 18 Oct 2018
Aizawa, A.: An information-theoretic perspective of TF-IDF measures. Inf. Process. Manage. 39(1), 45–65 (2003)
Nair, V.P., Jain, H., Golecha, Y.K., Gaur, M.S., Laxmi, V.: MEDUSA: MEtamorphic malware dynamic analysis usingsignature from API. In: Proceedings of the 3rd International Conference on Security of Information and Networks, pp. 263–269. ACM (2010)
Kim, C. W.: NtMalDetect: A Machine Learning Approach to Malware Detection Using Native API System Calls. arXiv preprint arXiv:1802.05412 (2018)
Eskandari, M., Khorshidpur, Z., Hashemi, S.: To incorporate sequential dynamic features in malware detection engines. In: Intelligence and Security Informatics Conference (EISIC) 2012 European, pp. 46–52. IEEE (2012)
Cavnar, W.B., Trenkle, J.M.: N-gram-based text categorization. Ann Arbor MI 48113(2), 161–175 (1994)
Stamp, M.: A Revealing Introduction to Hidden Markov Models. Department of Computer Science, San Jose State University, pp. 26–56 (2004)
Damodaran, A., Di Troia, F., Visaggio, C.A., Austin, T.H., Stamp, M.: A comparison of static, dynamic, and hybrid analysis for malware detection. J. Comput. Virol. Hacking Tech. 13(1), 1–12 (2017)
Wong, W., Stamp, M.: Hunting for metamorphic engines. J. Comput. Virol. 2(3), 211–229 (2006)
Heavens, VX.: http://83.133.184.251/virensimulation.org/. Accessed 18 Oct 2018
Sridhara, S.M., Stamp, M.: Metamorphic worm that carries its own morphing engine. J. Comput. Virol. Hacking Tech. 9(2), 49–58 (2013)
Souri, A., Hosseini, R.: A state-of-the-art survey of malware detection approaches using data mining techniques. Hum.-centric Comput. Inf. Sci. 8(1), 3 (2018)
WekaTool. https://www.cs.waikato.ac.nz/ml/weka/. Accessed 18 Oct 2018
Hall, M.A.: Correlation-based feature subset selection for machine learning. Thesis sub-mitted in partial fulfillment of the requirements of the degree of Doctor of Philosophy at the University of Waikato (1998)
Acknowledgment
This work was supported by the Scientific and Technological Research Council of Turkey (TUBITAK), Grant No: ARDEB-116E624.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Kakisim, A.G., Nar, M., Carkaci, N., Sogukpinar, I. (2019). Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-12942-2_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12941-5
Online ISBN: 978-3-030-12942-2
eBook Packages: Computer ScienceComputer Science (R0)