A Survey on Malware Detection and Analysis
DOI: https://doi.org/10.55662/JST.2024.5401
Keywords: Malware, Malware Detection, Data Mining, Signature-Based Detection, Behaviour-Based Detection, Artificial Intelligence, Intrusion Detection Systems, Static Analysis, Dynamic Analysis, Virtual Machine Introspection
Abstract
Malware, or malicious software, poses a significant threat to the security and functionality of computer systems globally. This survey provides a comprehensive analysis of current malware detection and analysis methods, focusing on data mining methodologies. The study categorizes malware detection techniques into signature-based and behaviour-based approaches, highlighting their respective strengths and weaknesses. It explores heuristic techniques enhanced by artificial intelligence, including neural networks and genetic algorithms, to improve detection accuracy. The literature review examines host-based and network-based intrusion detection systems, hybrid systems, and virtual machine introspection. The paper also discusses static and dynamic analysis methods, emphasizing the importance of analysing malware in controlled environments. Through detailed examination, this survey aims to present a thorough understanding of contemporary malware detection strategies and their applications, offering insights for future advancements in the field.
References
Blount, J.J., D.R. Tauritz, and S.A. Mulder. (2011) Adaptive Rule-Based Malware Detection Employing Learning Classifier Systems: A Proof of Concept. In: Computer Software and Applications Conference Workshops (COMPSACW), 2011 IEEE 35th Annual. DOI: https://doi.org/10.1109/COMPSACW.2011.28
Basicevic, F., M. Popovic, and V. Kovacevic. (2005) The Use of Distributed Network-Based IDS Systems in Detection of Evasion Attacks. In: Advanced Industrial Conference on Telecommunications / Service Assurance with Partial and Intermittent Resources Conference / E-Learning on Telecommunications Workshop (AICT/SAPIR/ELETE 2005), Proceedings. DOI: https://doi.org/10.1109/AICT.2005.90
Venugopal, D. and G. Hu. (2008) Efficient Signature Based Malware Detection on Mobile Devices. Mobile Information Systems, 4(1): pp. 33-49. DOI: https://doi.org/10.1155/2008/712353
Garfinkel, T. and M. Rosenblum. (2003) A Virtual Machine Introspection Based Architecture for Intrusion Detection. pp. 191-206.
Goldman, E. (2003) Dissecting Spam's Purported Harms.
Razeghi Borojerdi, H. and M. Abadi. (2013) MalHunter: Automatic Generation of Multiple Behavioral Signatures for Polymorphic Malware Detection. In: Proc. ICCKE, vol. 1. Mashhad, Iran: Ferdowsi Univ. Mashhad. DOI: https://doi.org/10.1109/ICCKE.2013.6682867
Jiang, X., X. Wang, and D. Xu. (2007) Stealthy Malware Detection Through VMM-Based "Out-of-the-Box" Semantic View Reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS). ACM: Alexandria, Virginia, USA. pp. 128-138. DOI: https://doi.org/10.1145/1315245.1315262
Xiao, L., Y. Li, X. Huang, and X. Du. (2017) Cloud-Based Malware Detection Game for Mobile Devices with Offloading. IEEE Transactions on Mobile Computing, vol. 16, no. 10, pp. 2742-2750. DOI: https://doi.org/10.1109/TMC.2017.2687918
Zolkipli, M.F. and A. Jantan. (2010) A Framework for Malware Detection Using Combination Technique and Signature Generation. In: Proc. 2nd Int. Conf. Computer Research and Development. DOI: https://doi.org/10.1109/ICCRD.2010.25
Ye, D. (2009) An Agent-Based Framework for Distributed Intrusion Detections.
Yin, H. and D. Song. (2013) Dynamic Binary Analysis Platform. DOI: https://doi.org/10.1007/978-1-4614-5523-3_2
Ye, Y., et al. (2009) Intelligent File Scoring System for Malware Detection from the Gray List. In: Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM: Paris, France. pp. 1385-1394. DOI: https://doi.org/10.1145/1557019.1557167
Shabtai, A., U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss. (2012) Andromaly: A Behavioral Malware Detection Framework for Android Devices. Journal of Intelligent Information Systems, vol. 38, no. 1, pp. 161-190. DOI: https://doi.org/10.1007/s10844-010-0148-x
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
License Terms
Ownership and Licensing:
Authors of this research paper submitted to the journal owned and operated by The Science Brigade Group retain the copyright of their work while granting the journal certain rights. Authors maintain ownership of the copyright and have granted the journal a right of first publication. Simultaneously, authors agreed to license their research papers under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License.
License Permissions:
Under the CC BY-NC-SA 4.0 License, others are permitted to share and adapt the work, as long as proper attribution is given to the authors and acknowledgement is made of the initial publication in the Journal. This license allows for the broad dissemination and utilization of research papers.
Additional Distribution Arrangements:
Authors are free to enter into separate contractual arrangements for the non-exclusive distribution of the journal's published version of the work. This may include posting the work to institutional repositories, publishing it in journals or books, or other forms of dissemination. In such cases, authors are requested to acknowledge the initial publication of the work in this Journal.
Online Posting:
Authors are encouraged to share their work online, including in institutional repositories, disciplinary repositories, or on their personal websites. This permission applies both prior to and during the submission process to the Journal. Online sharing enhances the visibility and accessibility of the research papers.
Responsibility and Liability:
Authors are responsible for ensuring that their research papers do not infringe upon the copyright, privacy, or other rights of any third party. The Science Brigade Publishers disclaim any liability or responsibility for any copyright infringement or violation of third-party rights in the research papers.