恶意软件检测与分析工具综述

Sajedul Talukder, Zahidur Talukder
{"title":"恶意软件检测与分析工具综述","authors":"Sajedul Talukder, Zahidur Talukder","doi":"10.5121/ijnsa.2020.12203","DOIUrl":null,"url":null,"abstract":"The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools. preventive measures to cope with the threats coming in the future. Features derived from analysis of malware can be used to group unknown malware and classify them into their existing families. This paper presents a review of techniques/approaches and tools for detecting and analyzing the malware executables. There has been some study performed on comparison of static, dynamic, and hybrid analysis for malware detection [8], whereas some researchers tried to bridge the static/dynamic gap [9]. Mobile technology in healthcare has also been a target of malware [10]. Few recent studies have been done on static and dynamic analysis of Android malware [11], detection using permission [12–14], based on system call sequences and LSTM [15]. studies wavelet and of disassemblers for opcode The studies that use dynamic analysis perform synthesis the semantics of obfuscated code multi-hypothesis testing analyzing quantitative data flow graph metrics using simplified call access APIs","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"83 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2020-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":"{\"title\":\"A Survey on Malware Detection and Analysis Tools\",\"authors\":\"Sajedul Talukder, Zahidur Talukder\",\"doi\":\"10.5121/ijnsa.2020.12203\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools. preventive measures to cope with the threats coming in the future. Features derived from analysis of malware can be used to group unknown malware and classify them into their existing families. This paper presents a review of techniques/approaches and tools for detecting and analyzing the malware executables. There has been some study performed on comparison of static, dynamic, and hybrid analysis for malware detection [8], whereas some researchers tried to bridge the static/dynamic gap [9]. Mobile technology in healthcare has also been a target of malware [10]. Few recent studies have been done on static and dynamic analysis of Android malware [11], detection using permission [12–14], based on system call sequences and LSTM [15]. studies wavelet and of disassemblers for opcode The studies that use dynamic analysis perform synthesis the semantics of obfuscated code multi-hypothesis testing analyzing quantitative data flow graph metrics using simplified call access APIs\",\"PeriodicalId\":93303,\"journal\":{\"name\":\"International journal of network security & its applications\",\"volume\":\"83 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-03-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"34\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International journal of network security & its applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5121/ijnsa.2020.12203\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of network security & its applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5121/ijnsa.2020.12203","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 34

摘要

需要分析大量的数据和信息以发现可能存在的恶意意图,这是当今Web面临的重大挑战之一。恶意软件,也被称为攻击者开发的恶意软件,本质上是多态和变形的,可以在传播时修改代码。此外,其变体的多样性和数量严重破坏了传统防御的有效性,传统防御通常使用基于签名的技术,并且无法检测以前未知的恶意可执行文件。恶意软件家族的变体共享典型的行为模式,表明它们的起源和目的。静态或动态观察到的行为趋势可以通过使用机器学习技术来识别和分类未知恶意软件到其已建立的家族来操纵。这篇调查论文给出了恶意软件检测和分析技术和工具的概述。应对未来威胁的预防措施。从恶意软件分析中获得的特征可以用于对未知恶意软件进行分组,并将其分类到现有的家族中。本文介绍了检测和分析恶意软件可执行文件的技术/方法和工具。已经有一些研究对恶意软件检测的静态、动态和混合分析进行了比较[8],而一些研究人员试图弥合静态/动态差距[9]。医疗保健领域的移动技术也一直是恶意软件的攻击目标[10]。近年来,基于系统调用序列和LSTM[15]的Android恶意软件静态和动态分析[11]、使用权限进行检测[12-14]等方面的研究很少。使用动态分析的研究进行了混淆代码语义的综合,使用简化的调用访问api进行了多假设检验,分析了定量数据流图度量
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A Survey on Malware Detection and Analysis Tools
The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools. preventive measures to cope with the threats coming in the future. Features derived from analysis of malware can be used to group unknown malware and classify them into their existing families. This paper presents a review of techniques/approaches and tools for detecting and analyzing the malware executables. There has been some study performed on comparison of static, dynamic, and hybrid analysis for malware detection [8], whereas some researchers tried to bridge the static/dynamic gap [9]. Mobile technology in healthcare has also been a target of malware [10]. Few recent studies have been done on static and dynamic analysis of Android malware [11], detection using permission [12–14], based on system call sequences and LSTM [15]. studies wavelet and of disassemblers for opcode The studies that use dynamic analysis perform synthesis the semantics of obfuscated code multi-hypothesis testing analyzing quantitative data flow graph metrics using simplified call access APIs
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信