A comparison of static, dynamic, and hybrid analysis for malware detection

Cited by: 204
Authors
Damodaran A. [1 ]
Troia F.D. [2 ]
Visaggio C.A. [2 ]
Austin T.H. [1 ]
Stamp M. [1 ]
Affiliations
[1] Department of Computer Science, San Jose State University, San Jose
[2] Department of Engineering, Università degli Studi del Sannio, Benevento
Keywords
Receiver Operating Characteristic Curve; Hidden Markov Model; Control Flow Graph; Precision Recall Curve; Signature Based Detection;
DOI
10.1007/s11416-015-0261-z
Abstract
In this research, we compare malware detection techniques based on static, dynamic, and hybrid analysis. Specifically, we train Hidden Markov Models (HMMs) on both static and dynamic feature sets and compare the resulting detection rates over a substantial number of malware families. We also consider hybrid cases, where dynamic analysis is used in the training phase, with static techniques used in the detection phase, and vice versa. In our experiments, a fully dynamic approach generally yields the best detection rates. We discuss the implications of this research for malware detection based on hybrid techniques. © 2015, Springer-Verlag France.
Pages: 1 / 12
Page count: 11