A comparison of static, dynamic, and hybrid analysis for malware detection

被引：204

作者：

Damodaran A. ^{[1
]}

Troia F.D. ^{[2
]}

Visaggio C.A. ^{[2
]}

Austin T.H. ^{[1
]}

Stamp M. ^{[1
]}

机构：

[1] Department of Computer Science, San Jose State University, San Jose

[2] Department of Engineering, Università degli Studi del Sannio, Benevento

来源：

Journal of Computer Virology and Hacking Techniques | 2017年 / 13卷 / 1期

关键词：

Receiver Operating Characteristic Curve; Hide Markov Model; Control Flow Graph; Precision Recall Curve; Signature Base Detection;

D O I：

10.1007/s11416-015-0261-z

中图分类号：

学科分类号：

摘要：

In this research, we compare malware detection techniques based on static, dynamic, and hybrid analysis. Specifically, we train Hidden Markov Models (HMMs) on both static and dynamic feature sets and compare the resulting detection rates over a substantial number of malware families. We also consider hybrid cases, where dynamic analysis is used in the training phase, with static techniques used in the detection phase, and vice versa. In our experiments, a fully dynamic approach generally yields the best detection rates. We discuss the implications of this research for malware detection based on hybrid techniques. © 2015, Springer-Verlag France.

引用

页码：1 / 12

页数：11

共 36 条

[1] Ahmed F., Using spatio-temporal information in API calls with machine learning algorithms for malware detection, ACM Workshop on Security and Artificial Intelligence, (2009)
[2] Anderson B., Et al., Graph-based malware detection using dynamic analysis, J. Comput. Virol., 7, 4, pp. 247-258, (2011)
[3] Annachhatre C., Austin T.H., Stamp M., Hidden Markov models for malware classification, J. Comput. Virol. Hack. Tech., 11, 2, pp. 59-73, (2014)
[4] Attaluri S., McGhee S., Stamp M., Profile Hidden Markov Models and metamorphic virus detection, J. Comput. Virol., 5, 2, pp. 151-169, (2009)
[5] Aycock J., Computer Viruses and Malware, (2006)
[6] Baysa D., Low R.M., Stamp M., Structural entropy and metamorphic malware, J. Comput. Virol. Hack. Tech., 9, 4, pp. 179-192, (2013)
[7] Borello J., Me L., Code obfuscation techniques for metamorphic viruses, J. Comput. Virol., 4, 3, pp. 211-220, (2008)
[8] Bradley A.P., The use of the area under the ROC curve in the evaluation of machine learning algorithms, J. Pattern Recogn., 30, 7, pp. 1145-1159, (1997)
[9] Static analysis of executables to detect malicious patterns, Proceeding of USENIX Security Symposium, pp. 169-186
[10] Dai J., Guha R., Lee J., Efficient virus detection using dynamic instruction sequences, J. Comput., 4, 5, pp. 405-414, (2009)

← 1 2 3 4 →