
A Framework for Defining Malware Behavior Using Run Time Analysis and Resource Monitoring

  • Conference paper
Software Engineering and Computer Systems (ICSECS 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 179))


Abstract

Malware analysis is the process of investigating how a piece of malware operates in order to learn and understand its malicious intent. Two common techniques for analyzing malware are static analysis and dynamic analysis. Nowadays, many malware writers try to evade security checks by employing techniques such as anti-reverse-engineering, packing and encryption, which make static analysis difficult to apply. In this paper, we propose a new framework for analyzing malware using a dynamic approach. The framework defines malware behavior through run-time analysis and resource monitoring. The contribution of this study is a new framework for defining malware behavior based on the operation performed by the malware and the target of that operation.
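The abstract describes behavior as the operation a sample performs together with the target of that operation, observed while the sample runs. The following Python script is an added illustration of that idea and is not the paper's framework or code (the page shows neither): it parses a constructed trace in the style of a Process Monitor or API-monitor CSV export, reduces each successful event to an (operation, target) pair, and maps those pairs to behavior labels. The column layout, event names, classification rules, the trace itself and the function names are all assumptions made for this example.

```python
"""Added example: derive a behaviour profile from a run-time trace.

Not the paper's own code. It illustrates describing malware behaviour as
(operation, target) pairs observed at run time. The trace below is
constructed for the example (not a real capture), and the column layout,
event names and classification rules are assumptions.
"""
import csv
import io
from collections import Counter

# Constructed sample trace in a Process-Monitor-like CSV layout (assumed
# columns: time, process, operation, target, result).
TRACE_CSV = """\
time,process,operation,target,result
10:00:01.000,sample.exe,CreateFile,C:\\Windows\\System32\\svch0st.exe,SUCCESS
10:00:01.010,sample.exe,WriteFile,C:\\Windows\\System32\\svch0st.exe,SUCCESS
10:00:01.020,sample.exe,RegSetValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater,SUCCESS
10:00:01.030,sample.exe,CreateProcess,C:\\Windows\\System32\\svch0st.exe,SUCCESS
10:00:01.040,svch0st.exe,TCP Connect,198.51.100.23:4444,SUCCESS
10:00:01.050,svch0st.exe,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName,SUCCESS
10:00:01.060,sample.exe,DeleteFile,C:\\Users\\Public\\sample.exe,SUCCESS
10:00:01.070,sample.exe,WriteFile,C:\\Users\\Public\\notes.txt,ACCESS DENIED
"""

# Target prefixes used by the (assumed) classification rules.
SYSTEM_DIRS = ("C:\\Windows\\",)
RUN_KEYS = (
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
)
# Labels that, in combination, make a profile look malicious (assumption).
HIGH_RISK = {"drop_to_system_dir", "registry_persistence",
             "execute_dropped_file", "network_connect", "self_delete"}


def _startswith_any(value, prefixes):
    """Case-insensitive prefix match, as Windows paths and keys are case-insensitive."""
    value = value.lower()
    return any(value.startswith(p.lower()) for p in prefixes)


def parse_trace(text):
    """Parse the CSV trace into event dicts, skipping rows missing key fields."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if all(row.get(k) for k in ("process", "operation", "target")):
            events.append(row)
    return events


def classify(event, written):
    """Map one event to a behaviour label (or None) given the files written so far.

    Only successful operations change system state, so failed ones are ignored.
    `written` is updated in place so that a later CreateProcess of a file this
    sample wrote can be recognised as executing a dropped binary.
    """
    if event.get("result", "SUCCESS") != "SUCCESS":
        return None
    op = event["operation"].lower()
    target = event["target"]
    if op == "writefile":
        written.add(target.lower())
        return "drop_to_system_dir" if _startswith_any(target, SYSTEM_DIRS) else "write_file"
    if op == "regsetvalue" and _startswith_any(target, RUN_KEYS):
        return "registry_persistence"
    if op == "createprocess":
        return "execute_dropped_file" if target.lower() in written else "create_process"
    if op == "tcp connect":
        return "network_connect"
    if op == "deletefile" and target.lower().endswith("\\" + event["process"].lower()):
        return "self_delete"
    return None


def behaviour_profile(text):
    """Return (label counts, labelled events) for a trace."""
    written = set()
    labelled = []
    for ev in parse_trace(text):
        label = classify(ev, written)
        if label is not None:
            labelled.append((ev["process"], ev["operation"], ev["target"], label))
    return Counter(l[3] for l in labelled), labelled


def is_suspicious(counts, threshold=2):
    """Flag a profile that shows at least `threshold` distinct high-risk behaviours."""
    return len(set(counts) & HIGH_RISK) >= threshold


if __name__ == "__main__":
    counts, events = behaviour_profile(TRACE_CSV)
    for process, op, target, label in events:
        print(f"{process:12s} {op:14s} {label:22s} {target}")
    print("profile:", dict(counts), "suspicious:", is_suspicious(counts))
```

The state carried between events (the set of files the sample has written) is what lets the script tell "executes a binary in System32" apart from "executes the binary it just dropped there"; a purely per-event rule set cannot make that distinction, which is one reason run-time traces are reduced to behaviours rather than matched line by line.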




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zolkipli, M.F., Jantan, A. (2011). A Framework for Defining Malware Behavior Using Run Time Analysis and Resource Monitoring. In: Mohamad Zain, J., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 179. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22170-5_18


  • DOI: https://doi.org/10.1007/978-3-642-22170-5_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22169-9

  • Online ISBN: 978-3-642-22170-5

