SlideShare a Scribd company logo

Basic survey on malware analysis, tools and techniques

ijcsa
ijcsa

The term malware stands for malicious software. It is a program installed on a system without the knowledge of owner of the system. It is basically installed by the third party with the intention to steal some private data from the system or simply just to play pranks. This in turn threatens the computer’s security, wherein computer are used by one’s in day-to-day life as to deal with various necessities like education, communication, hospitals, banking, entertainment etc. Different traditional techniques are used to detect and defend these malwares like Antivirus Scanner (AVS), firewalls, etc. But today malware writers are one step forward towards then Malware detectors. Day-by-day they write new malwares, which become a great challenge for malware detectors. This paper focuses on basis study of malwares and various detection techniques which can be used to detect malwares.

Technology
1 of 10
Download to read offline
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 DOI:10.5121/ijcsa.2014.4110 103 Basic survey on Malware Analysis, Tools and Techniques Dolly Uppal1 , Vishakha Mehra2 and Vinod Verma3 1,2 Department of Computer Engineering, Rajasthan Technical University, Kota 3 Asst. Prof., Department of Mechanical Engineering, Govt. Engineering College, Ajmer Abstract The term malware stands for malicious software. It is a program installed on a system without the knowledge of owner of the system. It is basically installed by the third party with the intention to steal some private data from the system or simply just to play pranks. This in turn threatens the computer’s security, wherein computer are used by one’s in day-to-day life as to deal with various necessities like education, communication, hospitals, banking, entertainment etc. Different traditional techniques are used to detect and defend these malwares like Antivirus Scanner (AVS), firewalls, etc. But today malware writers are one step forward towards then Malware detectors. Day-by-day they write new malwares, which become a great challenge for malware detectors. This paper focuses on basis study of malwares and various detection techniques which can be used to detect malwares. Keywords Malware, obfuscation, normalization, Deobfuscation, oligomorphic etc. Introduction In present century malware attackers are playing a good game over malware defenders. Malware defenders come across through thousands of new malware samples every day. Malcodes are distributed over internet through untrusted websites at an alarming rate. Often malware enters into the system through the downloaded file. Once the malware enters the system it performs malware activity and corrupt the entire system. Some of the malware can easily be detected and defended through antivirus scanners (AVS). But, today, the packers pack the malware in such a way that it plays hide and seek with the AVS and malware wins the game. So, it becomes a tuff job for the AVS to detect the malware. If the detector detects a malware in a non-infected file, it is considered as false positive. Also, if the scanner fails to detect malware in an infected file it is considered as false negative. A hit ratio is considered if the scanner detects the malware in an infected file. This paper is a survey study of basics of malware. The paper is organized as follows: Section I describes the classification of malware. Section II briefly explains the techniques to detect malware following with section III about analysis tools of malware. Section IV describes the categories of malicious software. Section V include various obfuscation techniques with section
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 104 VI highlights various deobfuscation techniques. Section VII gives brief conclusion about the paper. I. Classification of Malware Malware classification Types of malware Feature Mode of operation Damage caused The contagious threat Virus[5] A form of malware that takes unauthorized control of the infected computer and cause harm without the knowledge of the user Viruses attach themselves to a program such as executable file and its self-replicating capability spread the infection from one computer to another. Cause denial of service Performance degradation Worms Worms are standalone malicious software that can operate independently and don’t hook itself to propagate They exploit the security vulnerability by using computer [2] or network resources and spread themselves via storage devices such as USB devices, communication media such as E- mail Cause network performance issues Consume large amount of memory of systems resources The masked threat Trojan Malignant piece of software that conceal itself and behaves as a legitimate program to takes unauthorized control of the computer. Trojan does not self- replicate instead downloaded through user interaction such as downloading a file from the internet. Steal password or login details Electronic money theft Modify/delete files Monitor user activity Rootkit Rootkits are the masking techniques for malware, basically designed to conceal the malicious Can be installed through a software exploit or by a Steal password Install Keyloggers
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 105 intent of the program from the antivirus removal programs Trojan The financial threat Spyware A software negatively affect a system by keeping track of user’s activity without their consent and send back the sensitive information to creator Can be installed with other software such as freeware or dropped by Trojans Some sophisticated type of spyware captures entire network interface, digital certificate, encryption keys and other sensitive information. Keylogge rs Serious form of Spyware secretly record keystrokes, read cookies and files on the drive to gather personal details Can be installed by another malicious program or when a user visited a infected site Capture sensitive information such as username, password, credit card number or online banking details
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 106 II. Malware Detection Techniques Figure 1. Hierarchal representation of various malware detection techniques A. Static analysis detection technique It is the procedure of analyzing software without executing it. During static analysis [9] the application is break down by using reverse engineering tools and techniques, so as to re-build the source code and algorithm that the application has created. Static analysis can be done through program analyzer, debugger and disassembler. Various static analysis techniques are as follows: 1. Signature based detection technique This technique is also known as pattern matching or string or mask or fingerprinting technique. A signature is a bit of sequence injected in the application program by malware writers, which uniquely identifies a particular malware. To detect a malware in the code, the malware detector search for a previously specified signature in the code. 2. Heuristic detection technique This technique is also known as proactive technique [4]. This technique is similar to signature based technique, with a difference that instead of searching for a particular signature in the code, the malware detector now searches for the commands or instructions that are not present in the application program. The result is that, here it becomes easy to detect new variants of malware that had not yet been discovered. Different heuristic analysis techniques are: 2.1 File based heuristic analysis Also known as file analysis. In this technique, the file is analyzed deeply like the contents, purpose, destination, working of file. If the file contains commands to delete or harm other file, than it is considered as malicious. Malware detection techniques Signatur e based Heuristic detection File based Weight based Rule based Generic signature Static Analysis Dynamic Analysis Hybrid analysis
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 107 2.2Weight based heuristic analysis It is the much ancient technique. Each application is weighted according to the danger it may possess. If the weighted value exceeds the predefined threshold value, then the application contains malicious code. 2.3 Rule based heuristic analysis The analyzer, here, extracts the rules defining the application. These rules are then matched with the previously defines rules. If the rules are mismatched, then the application contains malware. 2.4 Generic signature analysis In this signature, variants of malware are detected. A variant of malware means, the malware are different in behavior but belong to same family like “identical twins”. This technique uses previously defined antivirus definition, to discover new variants of malware. Advantage of Static Analysis Static analysis is fast and safe; also it gathers the structure of code of program under inspection. If static analysis can calculate the malicious behavior in the application then this information can then be used for future security mechanism. Disadvantage of Static Analysis Static analysis does not take stand for analyzing the unknown malware. Also, the source code of many applications is not easily available. For doing static analysis, researchers must have a good knowledge of assembly language and also should have a deep understanding of functioning of operating system. B. Dynamic analysis detection technique The process of analyzing the behavior or the actions performed by the application while it is executing is called dynamic analysis [7]. Dynamic analysis can be done through monitoring function calls, tracking the information flow, analyzing function parameters and tracing the instructions. Generally a virtual machine or sandbox is used for this analysis; the doubted application is usually run into a virtual environment. If the application behaves unusually it is categorized as malicious. Nowadays, there are behavioral blocking software, which blocks malicious action of the program before their attack Advantage of Dynamic Analysis One can easily detect the unknown malware by simply analyzing the behavior of the application. Disadvantage of Dynamic Analysis This analysis takes time as the executing time of the application, so in some cases, it is not fast neither safe. Also, this analysis does not stand for the application which shows the different
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 108 behavioral changes by different triggering conditions. In short, it fails to detect multipath malware. C. Hybrid analysis detection technique This technique is the combination of both static analysis and dynamic analysis [6]. The procedure it follows it that it first checks for any malware signature if present in the code under inspection and then it monitors the behavior of the code. Hence this technique combines the advantages of both the above techniques. III. Some static analysis and dynamic analysis tools Table 1: Brief overview of some dynamic analysis tools of malware Table 2: Brief overview of some static analysis tools of malware
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 109 IV. Categories of Malicious software Encrypted Malware This approach uses the concept of encryption to prevent signature based Antivirus Scanners [10]. This approach comprises of two main parts of an encrypted malware- encrypted main body and decryptor. Each encrypted malware is made different from its signature by using different key every time. The disadvantage to this approach is that the malware can be easily detected by antivirus scanners as the decryptor consists of same code pattern. Oligomorphic Malware The most advancement to encrypted malware is oligomorphic malware. The malware authors changes the decryptorevery time, hence generating thousands of new malware. But still, it can be detected by its signature, as decryptor can replicate itself finite number of times. Polymorphic Malware The polymorphic malware is same as oligomorphic malware, with a difference that, it generates infinite number of decryptor by using different obfuscation techniques. The basic function of polymorphic malware remains the same each time it is decrypted, only the code changes. The toolkit called Mutation Engine (ME) is used in order to change non-obfuscated code to polymorphic code. One part of the code remains the same with each iteration, hence it can be easily detected by Antivirus Scanner. Metamorphic Malware Metamorphic malware [1] is written again every time with the each iteration, which makes each new malware different from its previous once. They can easily pass through AVS. As AVS scanner are unable to match any signature henceforth. Metamorphic malware are not packed malware, hence, they never leave a signature in the memory to be matched. Authors generate then by enhancing different obfuscation techniques thoroughly and strictly. V. Obfuscation technique Obfuscation is the technique, generally used by malware authors, to make source code harder to read, understand and reverse engine, and to conceal the malicious intent of the malware [3]. Figure2. Obfuscation A’ contains malicious code which is difficult to reverse engine, but it holds functionality and performs comparable to A. Basically six techniques are used for Code Obfuscation Source code (A) Obfuscation technique O (A) Obfuscated code (A’)
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 110 Dead-Code-Insertion– It is the simplest form of code obfuscation technique which can be done by inserting NOPs (No Operation Performed) or some push statement followed by pop statement in the code. Subroutine Reordering- As the name suggests, this technique randomly changes the order of subroutines in the program, hence generates K’ different malwares, where K is the number of subroutines. Code Transposition - In this, the order of instruction is changed by using statements like jmp and unconditional branch statements, which makes the code different from its naive code. Code transposition can be done in two ways. The first method is as described above. The second one generate the new variants by reordering the independent instructions, which is difficult to implement and harder to identify the malware. Instruction Substitution – This technique replaces some of the code statements with the equivalent statements. For example MOV with either Push or Pop. Code Integration – A new brief is inserted into the source code of the program in order to make the code malicious. Register reassignment – The registers of the code is replaced by the unused registers. The program code and its behavior remains the same. VI. Deobfuscation Techniques Deobfuscation is the technique, generally used by malware detectors to make malicious or packed code easier to read, understand and reverse engine and to conceal the malicious intent of the malware. Malware Normalization It is the procedure of eliminating the obfuscated code from the program to enhance the capability of the malware detector. During this process, the malware goes through the normalizer and then it is matched with its ancestors present in the database. If it is matched, then it becomes a new signature and then stored in the database. The PE code is passed through the decompression software, through which decompressed code is obtained, the code is then passed to the disassembler and disassembled code is passes through the normalizer. The code so obtained is the normalized code, which is send to the malware detector. The detector extracts the features of the malware and then is compared to the signatures of known malware present in signature repository. The comparison is done through comparison engine using sequence alignment algorithm. The possibility is that of matching maximum to maximum signature present in the repository to that of normalized code obtained. If the signature is not matched with the signature repository, then it is categorized as new signature and stored in repository.
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 111 Similarity Analysis It is the procedure of analyzing whether the code under inspection is the variant of same malware or not. Similarity analysis is done to capture a polymorphic malware by analyzing API sequence. The PE code of the program is passed to the decompressor, the obtained decompressed code is then sent to PE parser. From this binary parser, sequence of API calls is obtained, which is then used for similarity analysis. Also signature from database is used for similarity analysis. This analysis generates a value which is compared against the threshold value. If the obtained value is greater than the threshold value, then it is considered as a malware otherwise benign. CONCLUSION In this paper we had surveyed a study about various types of malware and categories of malicious software. In particular, a light has been thrown on various obfuscation and deobfuscation techniques. Although the rate hazards of new malware are increasing at an alarming rate, this Figure 4. Deobfuscation of malware using Normalization Figure 5. Measures of similarity analysis International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 111 Similarity Analysis It is the procedure of analyzing whether the code under inspection is the variant of same malware or not. Similarity analysis is done to capture a polymorphic malware by analyzing API sequence. The PE code of the program is passed to the decompressor, the obtained decompressed code is then sent to PE parser. From this binary parser, sequence of API calls is obtained, which is then used for similarity analysis. Also signature from database is used for similarity analysis. This analysis generates a value which is compared against the threshold value. If the obtained value is greater than the threshold value, then it is considered as a malware otherwise benign. CONCLUSION In this paper we had surveyed a study about various types of malware and categories of malicious software. In particular, a light has been thrown on various obfuscation and deobfuscation techniques. Although the rate hazards of new malware are increasing at an alarming rate, this Figure 4. Deobfuscation of malware using Normalization Figure 5. Measures of similarity analysis International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 111 Similarity Analysis It is the procedure of analyzing whether the code under inspection is the variant of same malware or not. Similarity analysis is done to capture a polymorphic malware by analyzing API sequence. The PE code of the program is passed to the decompressor, the obtained decompressed code is then sent to PE parser. From this binary parser, sequence of API calls is obtained, which is then used for similarity analysis. Also signature from database is used for similarity analysis. This analysis generates a value which is compared against the threshold value. If the obtained value is greater than the threshold value, then it is considered as a malware otherwise benign. CONCLUSION In this paper we had surveyed a study about various types of malware and categories of malicious software. In particular, a light has been thrown on various obfuscation and deobfuscation techniques. Although the rate hazards of new malware are increasing at an alarming rate, this Figure 4. Deobfuscation of malware using Normalization Figure 5. Measures of similarity analysis
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 112 paper provides a thorough study of tools for analyzing malware with a clear understanding of various countermeasures need to be adopted. REFERENCES [1] ArunLakhotia ,AdityaKapoor , Eric Uday , “Are Metamorphic Viruses Really Invincible ? Part 2” , Virus Bulletin, January 2005. [2] Robin Sharp, An Introduction to Malware, Spring 2012. Retrieved on April, 10, 2013 http://orbit.dtu.dk/fedora/objects/orbit:82364/datastreams/file_4918204/content [3] A. H. Sung, J. Xu, P. Chavez and S. Mukkamala: Static Analyzer of Vicious Executables (SAVE), Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC‟04), IEEE.J.Rabek, R.Khazan, S.Lewandowski and R.Cunningham. Detection of injected, dynamically generated, and obfuscated malicious code. In Proceedings of the 2003 ACM Workshop on Rapid Malcode, pages 76–82, 2003. [4] G. McGraw and G. Morrisett. Attacking malicious code: A report to the infosec research council. IEEE Software, 17(5):33–44, 2000 [5] Muazzam AhmedSiddiqui:Data Mining Methods for Malware Detection: University of Central Florida, 2008. [6] Robiah Y, SitiRahayu S., MohdZaki M, Shahrin S., Faizal M. A., Marliza R. “A New Generic Taxonomy on Hybrid Malware Detection Technique ” (IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009 [7] SavanGadhiya,KaushalBhavshar “Techniques for Malware Analysis” Volume 3, Issue 4, April 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering [8] Vasudevan, A., &Yerraballi, R., “SPiKE: Engineering Malware Analysis Tools using Unobtrusive Binary-Instrumentation”. Australasian Computer Science Conference (ACSC 2006),2006 [9] Bergeron, J., Debbabi, M., Desharnais, J., M., E., M., Lavoie, Y., &Tawbi, N. (2001). Static Detection of Malicious Code in executables programs. International Journal of Req Engineering [10] Mohammad NourSaffaf: Malware Analysis Bachelor‟s Thesis., Helsinki Metropolia University of Applied Sciences, May 27, 2009 Authors Dolly Uppal Scholar of Masters of Technology from Rajasthan Technical University, Kota, Rajasthan, India. Passed out B.Tech.From Rajasthan Technical University, Kota, Rajasthan, India in 2012. Research area: Malware Analysis VishakhaMehra Scholar of Masters of Technology from Rajasthan Technical University, Kota, Rajasthan, India. Passed out B.Tech.From Rajasthan Technical University, Kota, Rajasthan, India in 2011. Research area: Malware Analysis

Recommended

Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection TechniquesEditor IJMTER
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networksijsrd.com
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisIRJET Journal
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Editor IJARCET
 
Bt33430435
Bt33430435Bt33430435
Bt33430435IJERA Editor
 
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSA SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSIJNSA Journal
 
Taxonomy mobile malware threats and detection techniques
Taxonomy mobile malware threats and detection techniquesTaxonomy mobile malware threats and detection techniques
Taxonomy mobile malware threats and detection techniquescsandit
 

Recommended

Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection TechniquesEditor IJMTER
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networksijsrd.com
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisIRJET Journal
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Editor IJARCET
 
Bt33430435
Bt33430435Bt33430435
Bt33430435IJERA Editor
 
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSA SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSIJNSA Journal
 
Taxonomy mobile malware threats and detection techniques
Taxonomy mobile malware threats and detection techniquesTaxonomy mobile malware threats and detection techniques
Taxonomy mobile malware threats and detection techniquescsandit
 
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
 
IRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET Journal
 
An Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection SystemsAn Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection SystemsIRJET Journal
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniquesijdpsjournal
 
Intrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIntrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIDES Editor
 
1776 1779
1776 17791776 1779
1776 1779Editor IJARCET
 
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSAN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSieijjournal
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy LogicCurrent Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logicijdpsjournal
 
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...IJET - International Journal of Engineering and Techniques
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...IJNSA Journal
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
 
Kx3419591964
Kx3419591964Kx3419591964
Kx3419591964IJERA Editor
 
A comprehensive study on classification of passive intrusion and extrusion de...
A comprehensive study on classification of passive intrusion and extrusion de...A comprehensive study on classification of passive intrusion and extrusion de...
A comprehensive study on classification of passive intrusion and extrusion de...csandit
 
Optimised malware detection in digital forensics
Optimised malware detection in digital forensicsOptimised malware detection in digital forensics
Optimised malware detection in digital forensicsIJNSA Journal
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemIJRES Journal
 
Code obfuscation
Code obfuscationCode obfuscation
Code obfuscationbijondesai
 
Code obfuscation
Code obfuscationCode obfuscation
Code obfuscationAmol Kamble
 
Strategies for Rule-Based Program Transformation
Strategies for Rule-Based Program TransformationStrategies for Rule-Based Program Transformation
Strategies for Rule-Based Program TransformationEelco Visser
 
10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer Experience10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer ExperienceYuan Wang
 
How to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanHow to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanPost Planner
 
Learn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionLearn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionIn a Rocket
 

More Related Content

What's hot

Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
 
IRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET Journal
 
An Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection SystemsAn Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection SystemsIRJET Journal
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniquesijdpsjournal
 
Intrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIntrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIDES Editor
 
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSAN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSieijjournal
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy LogicCurrent Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logicijdpsjournal
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...IJNSA Journal
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
 
A comprehensive study on classification of passive intrusion and extrusion de...
A comprehensive study on classification of passive intrusion and extrusion de...A comprehensive study on classification of passive intrusion and extrusion de...
A comprehensive study on classification of passive intrusion and extrusion de...csandit
 
Optimised malware detection in digital forensics
Optimised malware detection in digital forensicsOptimised malware detection in digital forensics
Optimised malware detection in digital forensicsIJNSA Journal
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemIJRES Journal
 

What's hot (16)

Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
 
IRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET- A Review on Honeypots
IRJET- A Review on Honeypots
 
An Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection SystemsAn Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection Systems
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniques
 
Intrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIntrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction Technique
 
1776 1779
1776 17791776 1779
1776 1779
 
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSAN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy LogicCurrent Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
 
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
 
Kx3419591964
Kx3419591964Kx3419591964
Kx3419591964
 
A comprehensive study on classification of passive intrusion and extrusion de...
A comprehensive study on classification of passive intrusion and extrusion de...A comprehensive study on classification of passive intrusion and extrusion de...
A comprehensive study on classification of passive intrusion and extrusion de...
 
Optimised malware detection in digital forensics
Optimised malware detection in digital forensicsOptimised malware detection in digital forensics
Optimised malware detection in digital forensics
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
 

Viewers also liked

Code obfuscation
Code obfuscationCode obfuscation
Code obfuscationbijondesai
 
Code obfuscation
Code obfuscationCode obfuscation
Code obfuscationAmol Kamble
 
Strategies for Rule-Based Program Transformation
Strategies for Rule-Based Program TransformationStrategies for Rule-Based Program Transformation
Strategies for Rule-Based Program TransformationEelco Visser
 
10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer Experience10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer ExperienceYuan Wang
 
How to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanHow to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanPost Planner
 
Learn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionLearn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionIn a Rocket
 
SEO: Getting Personal
SEO: Getting PersonalSEO: Getting Personal
SEO: Getting PersonalKirsty Hulse
 

Viewers also liked (7)

Code obfuscation
Code obfuscationCode obfuscation
Code obfuscation
 
Code obfuscation
Code obfuscationCode obfuscation
Code obfuscation
 
Strategies for Rule-Based Program Transformation
Strategies for Rule-Based Program TransformationStrategies for Rule-Based Program Transformation
Strategies for Rule-Based Program Transformation
 
10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer Experience10 Insightful Quotes On Designing A Better Customer Experience
10 Insightful Quotes On Designing A Better Customer Experience
 
How to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media PlanHow to Build a Dynamic Social Media Plan
How to Build a Dynamic Social Media Plan
 
Learn BEM: CSS Naming Convention
Learn BEM: CSS Naming ConventionLearn BEM: CSS Naming Convention
Learn BEM: CSS Naming Convention
 
SEO: Getting Personal
SEO: Getting PersonalSEO: Getting Personal
SEO: Getting Personal
 

Similar to Basic survey on malware analysis, tools and techniques

A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Editor IJARCET
 
Android Malware Detection
Android Malware DetectionAndroid Malware Detection
Android Malware DetectionIRJET Journal
 
Malware analysis and detection using reverse Engineering, Available at: www....
Malware analysis and detection using reverse Engineering, Available at: www....Malware analysis and detection using reverse Engineering, Available at: www....
Malware analysis and detection using reverse Engineering, Available at: www....Research Publish Journals (Publisher)
 
Optimised Malware Detection in Digital Forensics
Optimised Malware Detection in Digital Forensics Optimised Malware Detection in Digital Forensics
Optimised Malware Detection in Digital Forensics IJNSA Journal
 
Utilization Data Mining to Detect Spyware
Utilization Data Mining to Detect Spyware Utilization Data Mining to Detect Spyware
Utilization Data Mining to Detect Spyware IOSR Journals
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Deb Birch
 
Malware Detection and Prevention
Malware Detection and PreventionMalware Detection and Prevention
Malware Detection and Preventionkamranrazzaq8
 
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...cyberprosocial
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.pptCHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.pptManjuAppukuttan2
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxMalware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxinfantsuk
 
Malware Detection Approaches using Data Mining Techniques.pptx
Malware Detection Approaches using Data Mining Techniques.pptxMalware Detection Approaches using Data Mining Techniques.pptx
Malware Detection Approaches using Data Mining Techniques.pptxAlamgir Hossain
 
A Comprehensive Review On Intrusion Detection System And Techniques
A Comprehensive Review On Intrusion Detection System And TechniquesA Comprehensive Review On Intrusion Detection System And Techniques
A Comprehensive Review On Intrusion Detection System And TechniquesKelly Taylor
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirussandipslides
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksDiane M. Metcalf
 
Chapter 1 malware analysis primer
Chapter 1 malware analysis primerChapter 1 malware analysis primer
Chapter 1 malware analysis primerManjuA8
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Akash Karwande
 

Similar to Basic survey on malware analysis, tools and techniques (20)

A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039
 
Android Malware Detection
Android Malware DetectionAndroid Malware Detection
Android Malware Detection
 
Malware analysis and detection using reverse Engineering, Available at: www....
Malware analysis and detection using reverse Engineering, Available at: www....Malware analysis and detection using reverse Engineering, Available at: www....
Malware analysis and detection using reverse Engineering, Available at: www....
 
Optimised Malware Detection in Digital Forensics
Optimised Malware Detection in Digital Forensics Optimised Malware Detection in Digital Forensics
Optimised Malware Detection in Digital Forensics
 
A0430104
A0430104A0430104
A0430104
 
Utilization Data Mining to Detect Spyware
Utilization Data Mining to Detect Spyware Utilization Data Mining to Detect Spyware
Utilization Data Mining to Detect Spyware
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...
 
Malware Detection and Prevention
Malware Detection and PreventionMalware Detection and Prevention
Malware Detection and Prevention
 
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.pptCHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxMalware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docx
 
Antivirus
AntivirusAntivirus
Antivirus
 
Malware Detection Approaches using Data Mining Techniques.pptx
Malware Detection Approaches using Data Mining Techniques.pptxMalware Detection Approaches using Data Mining Techniques.pptx
Malware Detection Approaches using Data Mining Techniques.pptx
 
A Comprehensive Review On Intrusion Detection System And Techniques
A Comprehensive Review On Intrusion Detection System And TechniquesA Comprehensive Review On Intrusion Detection System And Techniques
A Comprehensive Review On Intrusion Detection System And Techniques
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirus
 
185
185185
185
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise Networks
 
Chapter 1 malware analysis primer
Chapter 1 malware analysis primerChapter 1 malware analysis primer
Chapter 1 malware analysis primer
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 

Basic survey on malware analysis, tools and techniques

  • 1. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 DOI:10.5121/ijcsa.2014.4110 103 Basic survey on Malware Analysis, Tools and Techniques Dolly Uppal1 , Vishakha Mehra2 and Vinod Verma3 1,2 Department of Computer Engineering, Rajasthan Technical University, Kota 3 Asst. Prof., Department of Mechanical Engineering, Govt. Engineering College, Ajmer Abstract The term malware stands for malicious software. It is a program installed on a system without the knowledge of owner of the system. It is basically installed by the third party with the intention to steal some private data from the system or simply just to play pranks. This in turn threatens the computer’s security, wherein computer are used by one’s in day-to-day life as to deal with various necessities like education, communication, hospitals, banking, entertainment etc. Different traditional techniques are used to detect and defend these malwares like Antivirus Scanner (AVS), firewalls, etc. But today malware writers are one step forward towards then Malware detectors. Day-by-day they write new malwares, which become a great challenge for malware detectors. This paper focuses on basis study of malwares and various detection techniques which can be used to detect malwares. Keywords Malware, obfuscation, normalization, Deobfuscation, oligomorphic etc. Introduction In present century malware attackers are playing a good game over malware defenders. Malware defenders come across through thousands of new malware samples every day. Malcodes are distributed over internet through untrusted websites at an alarming rate. Often malware enters into the system through the downloaded file. Once the malware enters the system it performs malware activity and corrupt the entire system. Some of the malware can easily be detected and defended through antivirus scanners (AVS). But, today, the packers pack the malware in such a way that it plays hide and seek with the AVS and malware wins the game. So, it becomes a tuff job for the AVS to detect the malware. If the detector detects a malware in a non-infected file, it is considered as false positive. Also, if the scanner fails to detect malware in an infected file it is considered as false negative. A hit ratio is considered if the scanner detects the malware in an infected file. This paper is a survey study of basics of malware. The paper is organized as follows: Section I describes the classification of malware. Section II briefly explains the techniques to detect malware following with section III about analysis tools of malware. Section IV describes the categories of malicious software. Section V include various obfuscation techniques with section
  • 2. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 104 VI highlights various deobfuscation techniques. Section VII gives brief conclusion about the paper. I. Classification of Malware Malware classification Types of malware Feature Mode of operation Damage caused The contagious threat Virus[5] A form of malware that takes unauthorized control of the infected computer and cause harm without the knowledge of the user Viruses attach themselves to a program such as executable file and its self-replicating capability spread the infection from one computer to another. Cause denial of service Performance degradation Worms Worms are standalone malicious software that can operate independently and don’t hook itself to propagate They exploit the security vulnerability by using computer [2] or network resources and spread themselves via storage devices such as USB devices, communication media such as E- mail Cause network performance issues Consume large amount of memory of systems resources The masked threat Trojan Malignant piece of software that conceal itself and behaves as a legitimate program to takes unauthorized control of the computer. Trojan does not self- replicate instead downloaded through user interaction such as downloading a file from the internet. Steal password or login details Electronic money theft Modify/delete files Monitor user activity Rootkit Rootkits are the masking techniques for malware, basically designed to conceal the malicious Can be installed through a software exploit or by a Steal password Install Keyloggers
  • 3. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 105 intent of the program from the antivirus removal programs Trojan The financial threat Spyware A software negatively affect a system by keeping track of user’s activity without their consent and send back the sensitive information to creator Can be installed with other software such as freeware or dropped by Trojans Some sophisticated type of spyware captures entire network interface, digital certificate, encryption keys and other sensitive information. Keylogge rs Serious form of Spyware secretly record keystrokes, read cookies and files on the drive to gather personal details Can be installed by another malicious program or when a user visited a infected site Capture sensitive information such as username, password, credit card number or online banking details
  • 4. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 106 II. Malware Detection Techniques Figure 1. Hierarchal representation of various malware detection techniques A. Static analysis detection technique It is the procedure of analyzing software without executing it. During static analysis [9] the application is break down by using reverse engineering tools and techniques, so as to re-build the source code and algorithm that the application has created. Static analysis can be done through program analyzer, debugger and disassembler. Various static analysis techniques are as follows: 1. Signature based detection technique This technique is also known as pattern matching or string or mask or fingerprinting technique. A signature is a bit of sequence injected in the application program by malware writers, which uniquely identifies a particular malware. To detect a malware in the code, the malware detector search for a previously specified signature in the code. 2. Heuristic detection technique This technique is also known as proactive technique [4]. This technique is similar to signature based technique, with a difference that instead of searching for a particular signature in the code, the malware detector now searches for the commands or instructions that are not present in the application program. The result is that, here it becomes easy to detect new variants of malware that had not yet been discovered. Different heuristic analysis techniques are: 2.1 File based heuristic analysis Also known as file analysis. In this technique, the file is analyzed deeply like the contents, purpose, destination, working of file. If the file contains commands to delete or harm other file, than it is considered as malicious. Malware detection techniques Signatur e based Heuristic detection File based Weight based Rule based Generic signature Static Analysis Dynamic Analysis Hybrid analysis
  • 5. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 107 2.2Weight based heuristic analysis It is the much ancient technique. Each application is weighted according to the danger it may possess. If the weighted value exceeds the predefined threshold value, then the application contains malicious code. 2.3 Rule based heuristic analysis The analyzer, here, extracts the rules defining the application. These rules are then matched with the previously defines rules. If the rules are mismatched, then the application contains malware. 2.4 Generic signature analysis In this signature, variants of malware are detected. A variant of malware means, the malware are different in behavior but belong to same family like “identical twins”. This technique uses previously defined antivirus definition, to discover new variants of malware. Advantage of Static Analysis Static analysis is fast and safe; also it gathers the structure of code of program under inspection. If static analysis can calculate the malicious behavior in the application then this information can then be used for future security mechanism. Disadvantage of Static Analysis Static analysis does not take stand for analyzing the unknown malware. Also, the source code of many applications is not easily available. For doing static analysis, researchers must have a good knowledge of assembly language and also should have a deep understanding of functioning of operating system. B. Dynamic analysis detection technique The process of analyzing the behavior or the actions performed by the application while it is executing is called dynamic analysis [7]. Dynamic analysis can be done through monitoring function calls, tracking the information flow, analyzing function parameters and tracing the instructions. Generally a virtual machine or sandbox is used for this analysis; the doubted application is usually run into a virtual environment. If the application behaves unusually it is categorized as malicious. Nowadays, there are behavioral blocking software, which blocks malicious action of the program before their attack Advantage of Dynamic Analysis One can easily detect the unknown malware by simply analyzing the behavior of the application. Disadvantage of Dynamic Analysis This analysis takes time as the executing time of the application, so in some cases, it is not fast neither safe. Also, this analysis does not stand for the application which shows the different
  • 6. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 108 behavioral changes by different triggering conditions. In short, it fails to detect multipath malware. C. Hybrid analysis detection technique This technique is the combination of both static analysis and dynamic analysis [6]. The procedure it follows it that it first checks for any malware signature if present in the code under inspection and then it monitors the behavior of the code. Hence this technique combines the advantages of both the above techniques. III. Some static analysis and dynamic analysis tools Table 1: Brief overview of some dynamic analysis tools of malware Table 2: Brief overview of some static analysis tools of malware
  • 7. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 109 IV. Categories of Malicious software Encrypted Malware This approach uses the concept of encryption to prevent signature based Antivirus Scanners [10]. This approach comprises of two main parts of an encrypted malware- encrypted main body and decryptor. Each encrypted malware is made different from its signature by using different key every time. The disadvantage to this approach is that the malware can be easily detected by antivirus scanners as the decryptor consists of same code pattern. Oligomorphic Malware The most advancement to encrypted malware is oligomorphic malware. The malware authors changes the decryptorevery time, hence generating thousands of new malware. But still, it can be detected by its signature, as decryptor can replicate itself finite number of times. Polymorphic Malware The polymorphic malware is same as oligomorphic malware, with a difference that, it generates infinite number of decryptor by using different obfuscation techniques. The basic function of polymorphic malware remains the same each time it is decrypted, only the code changes. The toolkit called Mutation Engine (ME) is used in order to change non-obfuscated code to polymorphic code. One part of the code remains the same with each iteration, hence it can be easily detected by Antivirus Scanner. Metamorphic Malware Metamorphic malware [1] is written again every time with the each iteration, which makes each new malware different from its previous once. They can easily pass through AVS. As AVS scanner are unable to match any signature henceforth. Metamorphic malware are not packed malware, hence, they never leave a signature in the memory to be matched. Authors generate then by enhancing different obfuscation techniques thoroughly and strictly. V. Obfuscation technique Obfuscation is the technique, generally used by malware authors, to make source code harder to read, understand and reverse engine, and to conceal the malicious intent of the malware [3]. Figure2. Obfuscation A’ contains malicious code which is difficult to reverse engine, but it holds functionality and performs comparable to A. Basically six techniques are used for Code Obfuscation Source code (A) Obfuscation technique O (A) Obfuscated code (A’)
  • 8. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 110 Dead-Code-Insertion– It is the simplest form of code obfuscation technique which can be done by inserting NOPs (No Operation Performed) or some push statement followed by pop statement in the code. Subroutine Reordering- As the name suggests, this technique randomly changes the order of subroutines in the program, hence generates K’ different malwares, where K is the number of subroutines. Code Transposition - In this, the order of instruction is changed by using statements like jmp and unconditional branch statements, which makes the code different from its naive code. Code transposition can be done in two ways. The first method is as described above. The second one generate the new variants by reordering the independent instructions, which is difficult to implement and harder to identify the malware. Instruction Substitution – This technique replaces some of the code statements with the equivalent statements. For example MOV with either Push or Pop. Code Integration – A new brief is inserted into the source code of the program in order to make the code malicious. Register reassignment – The registers of the code is replaced by the unused registers. The program code and its behavior remains the same. VI. Deobfuscation Techniques Deobfuscation is the technique, generally used by malware detectors to make malicious or packed code easier to read, understand and reverse engine and to conceal the malicious intent of the malware. Malware Normalization It is the procedure of eliminating the obfuscated code from the program to enhance the capability of the malware detector. During this process, the malware goes through the normalizer and then it is matched with its ancestors present in the database. If it is matched, then it becomes a new signature and then stored in the database. The PE code is passed through the decompression software, through which decompressed code is obtained, the code is then passed to the disassembler and disassembled code is passes through the normalizer. The code so obtained is the normalized code, which is send to the malware detector. The detector extracts the features of the malware and then is compared to the signatures of known malware present in signature repository. The comparison is done through comparison engine using sequence alignment algorithm. The possibility is that of matching maximum to maximum signature present in the repository to that of normalized code obtained. If the signature is not matched with the signature repository, then it is categorized as new signature and stored in repository.
  • 9. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 111 Similarity Analysis It is the procedure of analyzing whether the code under inspection is the variant of same malware or not. Similarity analysis is done to capture a polymorphic malware by analyzing API sequence. The PE code of the program is passed to the decompressor, the obtained decompressed code is then sent to PE parser. From this binary parser, sequence of API calls is obtained, which is then used for similarity analysis. Also signature from database is used for similarity analysis. This analysis generates a value which is compared against the threshold value. If the obtained value is greater than the threshold value, then it is considered as a malware otherwise benign. CONCLUSION In this paper we had surveyed a study about various types of malware and categories of malicious software. In particular, a light has been thrown on various obfuscation and deobfuscation techniques. Although the rate hazards of new malware are increasing at an alarming rate, this Figure 4. Deobfuscation of malware using Normalization Figure 5. Measures of similarity analysis International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 111 Similarity Analysis It is the procedure of analyzing whether the code under inspection is the variant of same malware or not. Similarity analysis is done to capture a polymorphic malware by analyzing API sequence. The PE code of the program is passed to the decompressor, the obtained decompressed code is then sent to PE parser. From this binary parser, sequence of API calls is obtained, which is then used for similarity analysis. Also signature from database is used for similarity analysis. This analysis generates a value which is compared against the threshold value. If the obtained value is greater than the threshold value, then it is considered as a malware otherwise benign. CONCLUSION In this paper we had surveyed a study about various types of malware and categories of malicious software. In particular, a light has been thrown on various obfuscation and deobfuscation techniques. Although the rate hazards of new malware are increasing at an alarming rate, this Figure 4. Deobfuscation of malware using Normalization Figure 5. Measures of similarity analysis International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 111 Similarity Analysis It is the procedure of analyzing whether the code under inspection is the variant of same malware or not. Similarity analysis is done to capture a polymorphic malware by analyzing API sequence. The PE code of the program is passed to the decompressor, the obtained decompressed code is then sent to PE parser. From this binary parser, sequence of API calls is obtained, which is then used for similarity analysis. Also signature from database is used for similarity analysis. This analysis generates a value which is compared against the threshold value. If the obtained value is greater than the threshold value, then it is considered as a malware otherwise benign. CONCLUSION In this paper we had surveyed a study about various types of malware and categories of malicious software. In particular, a light has been thrown on various obfuscation and deobfuscation techniques. Although the rate hazards of new malware are increasing at an alarming rate, this Figure 4. Deobfuscation of malware using Normalization Figure 5. Measures of similarity analysis
  • 10. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 112 paper provides a thorough study of tools for analyzing malware with a clear understanding of various countermeasures need to be adopted. REFERENCES [1] ArunLakhotia ,AdityaKapoor , Eric Uday , “Are Metamorphic Viruses Really Invincible ? Part 2” , Virus Bulletin, January 2005. [2] Robin Sharp, An Introduction to Malware, Spring 2012. Retrieved on April, 10, 2013 http://orbit.dtu.dk/fedora/objects/orbit:82364/datastreams/file_4918204/content [3] A. H. Sung, J. Xu, P. Chavez and S. Mukkamala: Static Analyzer of Vicious Executables (SAVE), Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC‟04), IEEE.J.Rabek, R.Khazan, S.Lewandowski and R.Cunningham. Detection of injected, dynamically generated, and obfuscated malicious code. In Proceedings of the 2003 ACM Workshop on Rapid Malcode, pages 76–82, 2003. [4] G. McGraw and G. Morrisett. Attacking malicious code: A report to the infosec research council. IEEE Software, 17(5):33–44, 2000 [5] Muazzam AhmedSiddiqui:Data Mining Methods for Malware Detection: University of Central Florida, 2008. [6] Robiah Y, SitiRahayu S., MohdZaki M, Shahrin S., Faizal M. A., Marliza R. “A New Generic Taxonomy on Hybrid Malware Detection Technique ” (IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009 [7] SavanGadhiya,KaushalBhavshar “Techniques for Malware Analysis” Volume 3, Issue 4, April 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering [8] Vasudevan, A., &Yerraballi, R., “SPiKE: Engineering Malware Analysis Tools using Unobtrusive Binary-Instrumentation”. Australasian Computer Science Conference (ACSC 2006),2006 [9] Bergeron, J., Debbabi, M., Desharnais, J., M., E., M., Lavoie, Y., &Tawbi, N. (2001). Static Detection of Malicious Code in executables programs. International Journal of Req Engineering [10] Mohammad NourSaffaf: Malware Analysis Bachelor‟s Thesis., Helsinki Metropolia University of Applied Sciences, May 27, 2009 Authors Dolly Uppal Scholar of Masters of Technology from Rajasthan Technical University, Kota, Rajasthan, India. Passed out B.Tech.From Rajasthan Technical University, Kota, Rajasthan, India in 2012. Research area: Malware Analysis VishakhaMehra Scholar of Masters of Technology from Rajasthan Technical University, Kota, Rajasthan, India. Passed out B.Tech.From Rajasthan Technical University, Kota, Rajasthan, India in 2011. Research area: Malware Analysis