Abstract
Machine learning algorithms are widely used in malware detection, where successful analysis of static and dynamic features plays a crucial role in detecting malicious samples. In this paper, the potential malicious features are summarized together with their effectiveness in detection. Moreover, machine learning approaches based on static and dynamic feature analysis are studied, with both their merits and limitations. Finally, possible solutions are proposed and a novel malware detection method is put forward, which shows superiority in performance comparison.
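To make the "static and dynamic features" of the abstract concrete, the following is an added example that is not code from the paper or its authors. It extracts a static feature (overlapping byte n-grams of the executable image) and a dynamic feature (overlapping n-grams over an API call trace recorded by a sandbox), hashes both into one fixed-length vector, and classifies with a nearest-centroid rule. The feature-space size N_FEATURES, the hashing of tokens into buckets, the centroid classifier and all sample bytes and call traces are assumptions made for illustration; the paper's own feature set and classifier are not shown here.

```python
# Added example (not the paper's own code): static byte n-gram and dynamic
# API-call n-gram features combined with the hashing trick and a
# nearest-centroid classifier. All samples below are constructed toy data.
import hashlib
import math
from collections import Counter
from typing import Dict, List, Sequence, Tuple

N_FEATURES = 1024  # size of the hashed feature space (assumption)


def _bucket(token: str) -> int:
    """Stable hash of a token into [0, N_FEATURES); hashlib is used instead of
    hash() so the feature layout does not change between interpreter runs."""
    digest = hashlib.blake2b(token.encode("utf-8"), digest_size=4).digest()
    return int.from_bytes(digest, "big") % N_FEATURES


def byte_ngrams(data: bytes, n: int = 2) -> Counter:
    """Static feature: counts of overlapping n-grams over the raw bytes."""
    return Counter(data[i:i + n].hex() for i in range(len(data) - n + 1))


def api_ngrams(calls: Sequence[str], n: int = 2) -> Counter:
    """Dynamic feature: counts of overlapping n-grams over an API call trace."""
    return Counter("|".join(calls[i:i + n]) for i in range(len(calls) - n + 1))


def featurize(data: bytes, calls: Sequence[str]) -> List[float]:
    """Hash static and dynamic n-grams into one L2-normalised vector.
    The 'b:' / 'a:' prefixes keep byte and API tokens from sharing buckets
    by accident of having the same spelling."""
    vec = [0.0] * N_FEATURES
    for tok, c in byte_ngrams(data).items():
        vec[_bucket("b:" + tok)] += c
    for tok, c in api_ngrams(calls).items():
        vec[_bucket("a:" + tok)] += c
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]


def _cosine(a: Sequence[float], b: Sequence[float]) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def train_centroids(samples) -> Dict[str, List[float]]:
    """Mean feature vector per label (nearest-centroid training)."""
    sums: Dict[str, List[float]] = {}
    counts: Counter = Counter()
    for data, calls, label in samples:
        acc = sums.setdefault(label, [0.0] * N_FEATURES)
        for i, v in enumerate(featurize(data, calls)):
            acc[i] += v
        counts[label] += 1
    return {lbl: [v / counts[lbl] for v in acc] for lbl, acc in sums.items()}


def predict(centroids: Dict[str, List[float]], data: bytes,
            calls: Sequence[str]) -> Tuple[str, float]:
    """Label of the centroid with the highest cosine similarity, and that score."""
    vec = featurize(data, calls)
    return max(((lbl, _cosine(vec, c)) for lbl, c in centroids.items()),
               key=lambda t: t[1])


# Constructed training set: a tiny PE-like header prefix plus a short
# sandbox-style API trace per sample. Labels are part of the construction.
TRAINING = [
    (b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00",
     ["CreateFileW", "ReadFile", "CloseHandle", "ExitProcess"], "benign"),
    (b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00",
     ["RegOpenKeyExW", "RegQueryValueExW", "CloseHandle", "ExitProcess"], "benign"),
    (b"MZ\x90\x00\x90\x90\x90\x90\xeb\xfe\x00\x00",
     ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread", "ExitProcess"], "malicious"),
    (b"MZ\x90\x00\x90\x90\x90\x90\xeb\xfe\x00\x00",
     ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"], "malicious"),
]

CENTROIDS = train_centroids(TRAINING)

if __name__ == "__main__":
    unseen = (b"MZ\x90\x00\x90\x90\x90\x90\xeb\xfe",
              ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "ExitProcess"])
    print(predict(CENTROIDS, *unseen))
```

The hashing trick keeps the vector length fixed regardless of how many distinct n-grams a corpus produces, which is what makes byte-level and API-level features from many samples combinable in one model; the price is that unrelated tokens can collide in a bucket, so N_FEATURES should be sized well above the number of distinct tokens actually observed.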
Acknowledgment
This work is partly funded by the National Nature Science Foundation of China (No.61672329, No.61773246), Shandong Provincial Project of Graduate Education Quality Improvement (No. SDYY18058, No.SDYJG19171), Industry-University Cooperation and Education Project of Ministry of Education (No.201801165024, No. 201802002055, No.201901025009, No.201901140022, No.201902095002, No.201902173028, No.201902293009, No.201902009008).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Xu, B., Li, Y., Yu, X. (2020). Malware Detection Based on Static and Dynamic Features Analysis. In: Chen, X., Yan, H., Yan, Q., Zhang, X. (eds) Machine Learning for Cyber Security. ML4CS 2020. Lecture Notes in Computer Science(), vol 12486. Springer, Cham. https://doi.org/10.1007/978-3-030-62223-7_10
DOI: https://doi.org/10.1007/978-3-030-62223-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62222-0
Online ISBN: 978-3-030-62223-7