Dynamic analysis can be effective with runtime information, such as running process or by using control flow graph that could be less prone to obfuscated malware. Theoretically, a static analysis is faster and more effective as compared to dynamic analysis due to its advantages from the information captured relating to structural properties such as sequence of byte “signatures” and anomalies in file content. On the other hand, dynamic analysis of the file is required to be conducted during its running time in order to extract characteristic actions performed by the program. Static analysis uses the syntax and structural properties of a file by disassembling the program binary in order to extract the features.
The commonly applied malware detection approaches fall under two main techniques: static and dynamic analysis. Such attacks are also called zero-day attacks. These malware are called zero-day malware (new malware) as there are zero-days between the unknown malware’s first attack and the time it is discovered.
There have been many malicious activities on the web with new attacks caused by unknown variants of existing malware that obfuscate their behaviour to evade from detection. Internet crime using such malware is affecting many businesses and people worldwide. Malware includes computer viruses, worms, potentially unwanted programs (PUP), and others that could even compromise a computer.
BEST FREE MALWARE FREE BINARY EDITOR SOFTWARE
Malicious software (malware) is a computer program that has the intention of causing harm to the operating system kernel or some security sensitive application or data without the user’s consent. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. The aim of the paper is twofold: to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and to design a novel visualisation using similarity matrix method for establishing malware classification accurately. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems.
0 kommentar(er)
