Malware Detection Based on Static and Dynamic Features Analysis

  • Conference paper
Machine Learning for Cyber Security (ML4CS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12486))

Abstract

Machine learning algorithms are widely used in malware detection, where successful analysis of static and dynamic features plays a crucial role in the process of detecting malicious samples. In this paper, the potential malicious features are summarized together with their effectiveness in detection. Moreover, the machine learning approaches based on static and dynamic feature analysis are studied, with both their merits and limitations. Finally, possible solutions are proposed and a novel malware detection approach is put forward, which shows superior performance in comparison.


Acknowledgment

This work is partly funded by the National Nature Science Foundation of China (No.61672329, No.61773246), Shandong Provincial Project of Graduate Education Quality Improvement (No. SDYY18058, No.SDYJG19171), Industry-University Cooperation and Education Project of Ministry of Education (No.201801165024, No. 201802002055, No.201901025009, No.201901140022, No.201902095002, No.201902173028, No.201902293009, No.201902009008).

Author information

Corresponding author

Correspondence to Yongqin Li.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Xu, B., Li, Y., Yu, X. (2020). Malware Detection Based on Static and Dynamic Features Analysis. In: Chen, X., Yan, H., Yan, Q., Zhang, X. (eds) Machine Learning for Cyber Security. ML4CS 2020. Lecture Notes in Computer Science(), vol 12486. Springer, Cham. https://doi.org/10.1007/978-3-030-62223-7_10

  • DOI: https://doi.org/10.1007/978-3-030-62223-7_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62222-0

  • Online ISBN: 978-3-030-62223-7

  • eBook Packages: Computer Science (R0)
