A survey on heuristic malware detection techniques

IKT 2013 - 2013 5th Conference on Information and Knowledge Technology

Volumn , Issue , 2013, Pages 113-120

  Bazrafshan, Zahra ^a   Hashemi, Hashem ^a   Fard, Seyed Mehdi Hazrati ^a   Hamzeh, Ali ^a  

^a SHIRAZ UNIVERSITY   (Iran)

Author keywords

API Call; Computer Security; Control Flow Graph; Malware Detection; N Gram; OpCode

Indexed keywords

API CALLS; CONTROL FLOW GRAPHS; MALWARE DETECTION; N-GRAM; OPCODE;

COMPUTER CRIME; COMPUTER NETWORKS; DATA FLOW ANALYSIS; SECURITY OF DATA; SECURITY SYSTEMS;

HEURISTIC METHODS;

EID: 84888622633     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IKT.2013.6620049     Document Type: Conference Paper

References (47)

1. J. Aycock. "Computer Viruses and Malware,". Springer, 2006.
2. P. Szor. "The Art of Computer Virus Research and Defense,". Addison Wesley for Symantec Press, New Jersey, 2005.
3. P. Gutmann. "The Commercial Malware Industry.,", 2007.
4. KALPA, "Introduction to Malware", "http:// securityresearch.in/index.php/projects/malware
5. G. Jacob, H. Debar, and E. Filiol, "Behavioral detection of malware: from a survey towards an established taxonomy," Journal in Computer Virology, pp. 251-266, 2008.
6. A. Ahmed, E. Elhadi, M. A. Maarof and A. H. Osman, "Malware Detection Based on Hybrid Signature Behaviour Application Programming Interface Call Graph Information Assurance and Security Research Group.," Journal, A., Sciences, A., & Publications, S., Faculty of Computer Science and Information Systems, 9(3), 283-288, 2012.
7. K. Kim and B. R. Moon, "Malware detection based on dependency graph using hybrid genetic algorithm.," in Proceedings of the 12th annual conference on Genetic and evolutionary computation, July 07-11, 2010.
8. M. Schultz, E. Eskin, E. Zadok, and S. Stolfo, "Data mining methods for detection of new malicious executables.," in IEEE Symposium on Security and Privacy, pages 38-49. IEEE COMPUTER SOCIETY, 2001.
9. D. Orenstein, "Application Programming Interface (API)," Quick Study: Application Programming Interface (API), 2000.
10. S. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion detection using sequences of system calls.," Journal of Computer Security, pp. 151-180, 1998.
11. J. Bergeron, M. Debbabi, J. Desharnais, M. M. Erhioui, and N. Tawbi, "Static detection of malicious code in executable programs.," Int. J. of Req. Eng., 2001.
12. R. Sekar, M. Bendre, P. Bollineni, and D. Dhurjati, "A Fast Automaton-Based Approach for Detecting Anomalous Program Behaviors.," in IEEE Symposium on Security and Privacy, 2001.
13. A. H. Sung, J. Xu, P. Chavez, and S. Mukkamala, "Static Analyzer of Vicious Executables.," in 20th Annual Computer Security Applications Conference, pp. 326-334, 2004.
14. Y. Ye, D. Wang, T. Li, and D. Ye, "IMDS: Intelligent malware detection system," in Proc. ACM Int. Conf. Knowl. Discovery Data Mining, pp. 1043-1047, 2007.
15. Y. Ye, T. Li, Q. Jiang, and Y. Wang, "CIMDS: adapting postprocessing techniques of associative classification for malware detection," IEEE Trans. Syst., Man, Cybern. C, Vol. 40, no. 3, pp. 298-307, 2010.
16. W. Snedecor and W. Cochran, "Statistical Methods,", 8th ed. Iowa City, IA: Iowa State Univ. Press, 1989.
17. K. Jeong and H. Lee, "Code graph for malware detection. In Information Networking.," ICOIN. International Conference on, Jan 2008.
18. J. Lee, K. Jeong, and H. Lee, "Detecting metamorphic malwares using code graphs," in Proceedings of the ACM Symposium on Applied Computing, ser. New York, NY, USA: ACM, pp. 1970-1977, 2010.
19. Y. Ye, T. Li, K. Huang, Q. Jiang and Y. Chen, "Hierarchical associative classifier (HAC) for malware detection from the large and imbalanced gray list,". Journal of Intelligent Information Systems, 35(1), pp. 1-20. 2010.
20. D. Bilar, "OpCodes as predictor for malware," International Journal of Electronic Security and Digital Forensics, Vol. 1, no. 2, p. 156, 2007.
21. I. Santos, F. Brezo, J. Nieves, and Y. Penya, "Idea: OpCode-sequence-based malware detection,", Engineering Secure Software and System, 2010.
22. C. Peng, H. Long and F. Ding, "Feature selection based on mutual information: cri-teria of max-dependency, max-relevance, and min-redundancy.," in IEEE Transactions on Pattern Analysis and Machine Intelligence, 2005.
23. I. Santos, F. Brezo, X. Ugarte-Pedrero, and P. G. Bringas, "OpCode sequences as representation of executables for data-mining-based unknown malware detection," Information Sciences, Aug. 2011.
24. I. Santos, C. Laorden, and P. Bringas, "Collective classification for unknown malware detection," Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, 2011.
25. I. Santos, F. Brezo, B. Sanz, C. Laorden, and P. G. Bringas, "Using opCode sequences in single-class learning to detect unknown malware," IET Information Security, Vol. 5, no. 4, p. 220, 2011.
26. I. Santos, B. Sanz, and C. Laorden, "OpCode-sequence-based semi-supervised unknown malware detection,", Computational Intelligence in Security for Information Systems, 2011.
27. N. Runwal, R. M. Low, and M. Stamp, "OpCode graph similarity and metamorphic detection," Journal in Computer Virology, Vol. 8, no. 1-2, pp. 37-52, Apr. 2012.
28. A. Shabtai, R. Moskovitch, C. Feher, S. Dolev, and Y. Elovici, "Detecting unknown malicious code by applying classification techniques on OpCode patterns," Security Informatics, Vol. 1, no. 1, p. 1, 2012.
29. v, and R. Sweidan, "N-gram-based Detection of New Malicious Code," no. 1, 2004.
30. G. B. S. Gerald, J. Tesauro, Jeffrey O. Kephart, "Neural Network for Computer Virus Recognition.," IEEE Expert, 1996.
31. W. A. and G Tesauro, "Automatically Generated Win32 Heuristic Virus Detection," in Virus Bulletin Conference, 2000.
32. M. M. Kolter JZ, "Learning to detect malicious executables in the wild.," in roc of the 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2006.
33. J. Z. Kolter and M. A. Maloof, "Learning to Detect and Classify Malicious Executables in the Wild," Vol. 7, pp. 2721-2744, 2006.
34. T. J. Cai DM, M. Gokhale, "Comparison of feature selection and classification algorithms in identifying malicious executables," in Computational Statistics and Data Analysis, 2007.
35. E. Y. Moskovitch, D. Stopel, C. Feher, N. Nissim and N. Japkowicz, "Unknown malcode detection and the imbalance problem," journal in Computer Virology, 2009.
36. P. Jalote, "An Integrated Approach to Software Engineering,", Springer, New York, NY, 2005.
37. T. McCabe, "A complexity measure,", IEEE Transactions on Software Engineering SE-2(4): 308-320, 1976.
38. L. Tan, "TheWorst Case Execution Time Tool Challenge,", The External Test, Technical report, 2006.
39. D. Bruschi, L. Martignoni and M. Monga "Detecting self-mutating malware using control-flow graph matching," In: Büschkes, R. and Laskov, P. (eds) Detection of Intrusions and Malware & Vulnerability Assessment, Volume 4064 of LNCS, pp 129-143. Springer, Berlin. 2006.
40. Z. Zhao, "A virus detection scheme based on features of Control Flow Graph.," 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC), pages 943-947, 2011.
41. T. M. Mitchell, "Machine learning and data mining," Commun. ACM, Vol. 42, no. 11, 1999.
42. L. Breiman. "Bagging Predictors.," Machine Learning, 24(2):123-140, 1996.
43. L. Breiman. "Random Forests.," Machine Learning, 45(1):5-32, 2001.
44. G. Bonfante, M. Kaczmarek, J.Y. Marion. "Control Flow Graphs as Malware Signatures.," WTCV, May, 2007.
45. M. Eskandari and S. Hashemi "Metamorphic malware detection using control flow graph mining,". International Journal of Compute Science Network Security, pp 1-6, 2011.
46. Y. Lu, S. Din, C. Zheng and B. Gao "Using multi-feature and classifier ensembles to improve malware detection,". Journal of CCIT 39(2), 57-72. 2010.
47. Y. Ye, T. Li, S. Zhu, W. Zhuang, E. Tas, U. Gupta and M. Abdulhayoglu, "Combinig File Content and File Relations for Cloud Based Malware Detection.," Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining, 2011.