ABSTRACT
Malware, whose volume increases each year and whose threat is becoming ever more prevalent, is responsible for a large portion of security incidents. Unfortunately, most of the time the information regarding the threat that it poses is notional. In this paper, we conduct heuristic static and dynamic analysis in order to extract the static analysis and dynamic analysis features needed for detecting, assessing and measuring malware threats. Based on the given datasets, i.e. 876 malware and 49 benignware samples, our proposed method was able to quantitatively assess the threat level of malware and detect malware with promising results.
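As an added illustration, not the paper's own method or code, the following hypothetical Python routine shows the shape of a hybrid threat score: static heuristics (section entropy, suspicious imports) and dynamic heuristics (API calls observed in a sandbox) are combined into one number and a verdict. The sample section data, API trace, weights and the entropy threshold are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample inputs (not from the paper): a fake PE section table and a
# fake sandbox API-call trace. Weights and thresholds are illustrative assumptions.
STATIC_SAMPLE = {
    "sections": {".text": bytes(range(256)) * 4, ".rsrc": b"A" * 1024},
    "imports": ["CreateRemoteThread", "WriteProcessMemory", "IsDebuggerPresent", "MessageBoxA"],
}
DYNAMIC_SAMPLE = ["RegSetValueExA", "CreateFileW", "CryptEncrypt", "DeleteFileW", "InternetOpenA"]

# Static heuristics: imports commonly associated with injection or anti-analysis.
SUSPICIOUS_IMPORTS = {"CreateRemoteThread": 2, "WriteProcessMemory": 2, "IsDebuggerPresent": 1}
# Dynamic heuristics: run-time API calls weighted by the behaviour they indicate
# (persistence, file encryption, file deletion, network activity).
BEHAVIOUR_WEIGHTS = {"RegSetValueExA": 2, "CryptEncrypt": 3, "DeleteFileW": 1, "InternetOpenA": 1}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off (bits per byte) for a packed/encrypted section


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_score(sample: dict) -> float:
    """Score from the PE image alone: high-entropy sections plus suspicious imports."""
    score = 0.0
    for content in sample["sections"].values():
        if shannon_entropy(content) >= ENTROPY_THRESHOLD:
            score += 3  # section looks packed or encrypted
    for imp in sample["imports"]:
        score += SUSPICIOUS_IMPORTS.get(imp, 0)
    return score


def dynamic_score(calls: list) -> float:
    """Score from observed behaviour: sum of weights for the API calls seen in the trace."""
    return float(sum(BEHAVIOUR_WEIGHTS.get(c, 0) for c in calls))


def threat_level(sample: dict, calls: list, threshold: float = 5.0) -> tuple:
    """Combine static and dynamic evidence into one score and a detection verdict."""
    total = static_score(sample) + dynamic_score(calls)
    return total, ("malware" if total >= threshold else "benign")
```

Running `threat_level(STATIC_SAMPLE, DYNAMIC_SAMPLE)` on the constructed inputs gives a score of 15.0 and the verdict "malware"; a sample with a constant-byte section, no flagged imports and no flagged calls scores 0.0.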
Index Terms
- Uncovering Malware Traits Using Hybrid Analysis