A survey on malware analysis techniques

Static, dynamic, hybrid and memory analysis

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

The threats that malware pose to people around the world are increasing rapidly. Malware is software that sneaks onto a computer system without the user's knowledge, with the harmful intent of disrupting its operation. Because of the vast number of malware samples, it is impossible for human engineers to handle them manually. Therefore, security researchers are making great efforts to develop accurate and effective techniques to detect malware. This paper offers an overview and detailed survey of malware detection methods such as signature-based and heuristic-based detection. Signature-based detection is widely used today by anti-virus software. It is fast and capable of detecting known malware. However, it is not effective in detecting zero-day malware and is easily defeated by malware that uses obfuscation techniques. Likewise, a considerable number of legitimate files incorrectly classified as malware (false positives) and long scanning times are the major limitations of heuristic-based detection. Alternatively, memory-based analysis is a promising technique that gives a comprehensive view of malware and is expected to become more popular in malware detection. This paper mainly focuses on the following areas: (1) providing an overview of malware types and malware detection methods, (2) discussing current malware analysis techniques, their findings and limitations, (3) studying malware obfuscation, attack and anti-analysis techniques, and (4) exploring the structure of memory-based analysis in malware detection. The methods of malware detection are compared with each other according to their techniques, selected features, accuracy rates, and their advantages and disadvantages. This paper aims to help readers gain a comprehensive view of malware detection and to discuss the importance of memory-based analysis in malware detection.

Original language: English
Pages (from-to): 1662-1671
Number of pages: 10
Journal: International Journal on Advanced Science, Engineering and Information Technology
Volume: 8
Issue number: 4-2
Publication status: Published - 1 Jan 2018

Keywords

  • Behaviour-based
  • Feature
  • Malicious
  • Malware detection method
  • Memory analysis
  • Security

ASJC Scopus subject areas

  • Computer Science (all)
  • Agricultural and Biological Sciences (all)
  • Engineering (all)

Cite this

@article{26813022097c48fcb8971d0615d2d3cb,
title = "A survey on malware analysis techniques: Static, dynamic, hybrid and memory analysis",
keywords = "Behaviour-based, Feature, Malicious, Malware detection method, Memory analysis, Security",
author = "Rami Sihwail and Khairuddin Omar and {Zainol Ariffin}, {Khairul Akram}",
year = "2018",
month = "1",
day = "1",
language = "English",
volume = "8",
pages = "1662--1671",
journal = "International Journal on Advanced Science, Engineering and Information Technology",
issn = "2088-5334",
publisher = "INSIGHT - Indonesian Society for Knowledge and Human Development",
number = "4-2",
}

TY - JOUR

T1 - A survey on malware analysis techniques

T2 - Static, dynamic, hybrid and memory analysis

AU - Sihwail, Rami

AU - Omar, Khairuddin

AU - Zainol Ariffin, Khairul Akram

PY - 2018/1/1

Y1 - 2018/1/1

KW - Behaviour-based

KW - Feature

KW - Malicious

KW - Malware detection method

KW - Memory analysis

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85055342494&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055342494&partnerID=8YFLogxK

M3 - Article

VL - 8

SP - 1662

EP - 1671

JO - International Journal on Advanced Science, Engineering and Information Technology

JF - International Journal on Advanced Science, Engineering and Information Technology

SN - 2088-5334

IS - 4-2

ER -