Abstract
Malware analysis is the process of investigating how malware operates in order to learn and understand its malicious intent. Two common techniques for analyzing malware are static analysis and dynamic analysis. Nowadays, many malware writers try to evade security checking by implementing techniques such as anti-reverse engineering, packing and encryption, which makes static analysis difficult to perform. In this paper, we propose a new framework for analyzing malware using a dynamic approach. The framework defines malware behavior through run time analysis and resource monitoring. The contribution of this study is a new framework for defining malware behavior based on the operation and the target operation of the malware.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Zolkipli, M.F., Jantan, A. (2011). A Framework for Defining Malware Behavior Using Run Time Analysis and Resource Monitoring. In: Mohamad Zain, J., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 179. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22170-5_18
DOI: https://doi.org/10.1007/978-3-642-22170-5_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22169-9
Online ISBN: 978-3-642-22170-5