Malware Forensics: Legacy Solutions, Recent Advances, and Future Challenges

Advances in Computing, Informatics, Networking and Cybersecurity

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 289))

Abstract

Malware continues to grow across all computing and mobile platforms. For more than a decade, hundreds of thousands of new malicious samples have appeared every day, threatening both mobile and desktop ecosystems. With the rapid evolution and expansion of the smartphone market, malware detection and prevention for handheld devices demand particular attention and effective solutions. The growing number and variety of applications, tools, sensors, and services that handle sensitive data give malware authors a constant incentive to exploit vulnerabilities. Android's open-source code base and its position as the smartphone market leader make it the most heavily targeted mobile platform, which has fuelled a boom in Android malware families. Malware is the payload an attacker deploys to compromise the confidentiality, integrity, or availability of a system, most often to steal confidential or financial data or to cripple critical infrastructure and servers, and it frequently inflicts severe damage and heavy financial losses on businesses, institutions, and individuals. Malware authors keep devising novel methods and sophisticated delivery routes for mobile devices, computers, and servers, so a detection system must recognise and prevent both legacy and previously unseen malware with the highest possible accuracy under varied settings. In this chapter, we cover the background of malware across platforms, the existing solutions and techniques for malware analysis, prevention, and detection, and the recent advances in malware research that employ cutting-edge technologies.



Corresponding author

Correspondence to Farid Naït-Abdesselam .

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Naït-Abdesselam, F., Darwaish, A., Titouna, C. (2022). Malware Forensics: Legacy Solutions, Recent Advances, and Future Challenges. In: Nicopolitidis, P., Misra, S., Yang, L.T., Zeigler, B., Ning, Z. (eds) Advances in Computing, Informatics, Networking and Cybersecurity. Lecture Notes in Networks and Systems, vol 289. Springer, Cham. https://doi.org/10.1007/978-3-030-87049-2_25
