A Survey on Malware Detection and Analysis Tools

Sajedul Talukder, Zahidur Talukder
International Journal of Network Security & Its Applications (IJNSA), journal article, published 2020-03-31. DOI: 10.5121/ijnsa.2020.12203 (https://doi.org/10.5121/ijnsa.2020.12203). Citation count: 34.

Abstract

The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware, developed by attackers is polymorphic and metamorphic in nature and can modify its own code as it spreads. In addition, the diversity and volume of its variants severely undermine the effectiveness of traditional defenses, which typically use signature-based techniques and are unable to detect previously unknown malicious executables. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be exploited by machine learning techniques to identify unknown malware and classify it into established families. This survey paper gives an overview of malware detection and analysis techniques and tools, and of preventive measures to cope with the threats coming in the future. Features derived from analysis of malware can be used to group unknown malware and classify it into existing families. This paper presents a review of techniques/approaches and tools for detecting and analyzing malware executables. Some studies have compared static, dynamic, and hybrid analysis for malware detection [8], whereas other researchers have tried to bridge the static/dynamic gap [9]. Mobile technology in healthcare has also been a target of malware [10]. A few recent studies have examined static and dynamic analysis of Android malware [11], detection using permissions [12–14], and detection based on system call sequences and LSTM [15]. Other studies use wavelet analysis and disassemblers to obtain opcode features, while the studies that use dynamic analysis cover synthesis of the semantics of obfuscated code, multi-hypothesis testing, analysis of quantitative data flow graph metrics, and the use of simplified call-access APIs.
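The abstract makes two claims that are easy to demonstrate side by side: a byte signature stops matching as soon as a variant is re-encoded, while behavioral features extracted from a run (here, n-grams over an API-call sequence) still place the variant in its family. The following is an added illustration, not code from the survey or from any tool it reviews. Every sample, trace, API name, family label and the XOR "packer" are constructed for the example; the classifier is a plain nearest-profile cosine score with an "unknown" threshold, not the machine-learning approaches the paper surveys.

```python
"""
Added example (not from the survey): byte signature vs. behavioural
n-gram features over API-call traces, with a nearest-profile classifier.
All executables, traces and family names below are constructed.
"""
from collections import Counter
from math import sqrt

# --- 1. A string signature, and a polymorphic re-encoding that defeats it ---

# Constructed "executable": a 4-byte header followed by a body that carries
# the strings a signature would key on (e.g. imported API names).
VARIANT_A = b"MZ\x90\x00" + b"...CryptGenKey\x00CryptEncrypt\x00WriteFile\x00..."
SIGNATURE = b"CryptEncrypt\x00WriteFile"


def signature_match(sample: bytes, signature: bytes) -> bool:
    """Classic signature check: substring presence in the on-disk image."""
    return signature in sample


def polymorph(sample: bytes, key: int) -> bytes:
    """Simulate one polymorphic packer layer: keep the header, XOR-encode the
    body with a per-variant key. Run-time behaviour is unchanged, but the
    on-disk bytes (and therefore the signature) are not."""
    head, body = sample[:4], sample[4:]
    return head + bytes(b ^ key for b in body)


# --- 2. Behavioural features: API-call n-grams from (constructed) traces ---

# Ordered API calls as a sandbox would record them; labelled training data.
FAMILY_TRACES = {
    "ransom": [
        ["CryptAcquireContext", "CryptGenKey", "FindFirstFile", "CryptEncrypt",
         "WriteFile", "DeleteFile"],
        ["FindFirstFile", "CryptAcquireContext", "CryptGenKey", "CryptEncrypt",
         "WriteFile", "DeleteFile", "FindNextFile"],
    ],
    "dropper": [
        ["InternetOpen", "InternetOpenUrl", "InternetReadFile", "CreateFile",
         "WriteFile", "CreateProcess"],
        ["InternetOpen", "InternetReadFile", "WriteFile", "CreateProcess",
         "RegSetValue"],
    ],
}

# Unlabelled traces to classify: a ransom variant, a dropper variant, and a
# benign file copy that overlaps one bigram with the dropper profile.
UNKNOWN_TRACES = {
    "sample-1": ["CryptAcquireContext", "CryptGenKey", "CryptEncrypt",
                 "WriteFile", "DeleteFile"],
    "sample-2": ["InternetOpen", "InternetReadFile", "CreateFile",
                 "WriteFile", "CreateProcess"],
    "sample-3": ["CreateFile", "WriteFile", "CloseHandle"],
}


def ngrams(trace, n=2):
    """Count overlapping n-grams of consecutive API calls."""
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))


def build_profiles(family_traces, n=2):
    """One aggregated n-gram vector per family (summed over its samples)."""
    profiles = {}
    for family, traces in family_traces.items():
        vec = Counter()
        for trace in traces:
            vec.update(ngrams(trace, n))
        profiles[family] = vec
    return profiles


def cosine(a, b):
    """Cosine similarity of two sparse count vectors; 0.0 if either is empty."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def classify(trace, profiles, n=2, threshold=0.3):
    """Nearest-profile classification. Scores below the threshold return
    "unknown" so benign or novel behaviour is not forced into a family."""
    vec = ngrams(trace, n)
    best_family, best_score = "unknown", 0.0
    for family, profile in profiles.items():
        score = cosine(vec, profile)
        if score > best_score:
            best_family, best_score = family, score
    if best_score < threshold:
        return "unknown", best_score
    return best_family, best_score


if __name__ == "__main__":
    variant_b = polymorph(VARIANT_A, 0x5A)
    print("signature on variant A:", signature_match(VARIANT_A, SIGNATURE))
    print("signature on variant B:", signature_match(variant_b, SIGNATURE))
    profiles = build_profiles(FAMILY_TRACES)
    for name, trace in UNKNOWN_TRACES.items():
        print(name, classify(trace, profiles))
```

The threshold is the part worth tuning in practice: too low and every benign process that happens to call CreateFile followed by WriteFile lands in the dropper family; too high and genuine variants with unseen call orderings are reported as unknown. Bigrams are used here only because the traces are short; longer traces or system-call sequences (the LSTM-based work the abstract cites) would use longer context.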