Malware Analysis in Web Application Security: An Investigation and Suggestion

Malware analysis is essentially used for the identification of malware and its objectives. However, the present era has seen the process of malware analysis being used for enhancing security methods for different domains of technology. This study has attempted to analyze the current situation and status of malware analysis in web application security through some objectives. These objectives helps the authors to analyze the purpose, used methodology of malware analysis in web application security previously as well as authors select and find a prioritized technique of malware analysis through a hybrid multi criteria decision making procedure called fuzzy-Analytical Hierarchy Process. This fuzzy-AHP methodology helps the authors to find and recommend a most prioritized malware analysis techniques and type as well as suggest a ranking of various malware analysis techniques that used in web application security frequently for experts and developers use. Furthermore, second section of paper forecast the attack statistics and publication statistics of malwares and malware analysis in web application security respectively for understanding the sensitivity of topic and need of investigation. The proposed tactic intends to be an effective reckoner for web developers and facilitate in malware analysis for securing web applications. Additionally, the study also forecast the publication and attack scenario of malware and malware analysis for web application security that gives a complimentary overview of domain.

[1]  Mark Stamp,et al.  A comparison of static, dynamic, and hybrid analysis for malware detection , 2015, Journal of Computer Virology and Hacking Techniques.

[2]  Alka Agrawal,et al.  Securing Web Applications through a Framework of Source Code Analysis , 2019 .

[3]  Rajeev Kumar,et al.  An Integrated Approach of Fuzzy Logic, AHP and TOPSIS for Estimating Usable-Security of Web Applications , 2020, IEEE Access.

[4]  Rajeev Kumar,et al.  A Hybrid Model of Hesitant Fuzzy Decision-Making Analysis for Estimating Usable-Security of Software , 2020, IEEE Access.

[5]  Raees Ahmad Khan,et al.  Revisiting Software Security Risks , 2015 .

[6]  Rajeev Kumar,et al.  A Unified Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Method for Evaluating Sustainable-Security of Web Applications , 2020, Symmetry.

[7]  Raees Ahmad Khan,et al.  A wake-up call for data integrity invulnerability , 2020 .

[8]  Alka Agrawal,et al.  A source code perspective framework to produce secure web applications , 2019, Computer Fraud & Security.

[9]  S. Sibi Chakkaravarthy,et al.  A Survey on malware analysis and mitigation techniques , 2019, Comput. Sci. Rev..

[10]  Rajeev Kumar,et al.  Evaluating Performance of Web Application Security Through a Fuzzy Based Hybrid Multi-Criteria Decision-Making Approach: Design Tactics Perspective , 2020, IEEE Access.

[11]  Aziz Mohaisen,et al.  AV-Meter: An Evaluation of Antivirus Scans and Labels , 2014, DIMVA.

[12]  Sven Dietrich,et al.  Detection of Intrusions and Malware, and Vulnerability Assessment , 2014, Lecture Notes in Computer Science.

[13]  Alka Agrawal,et al.  Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security , 2020, Symmetry.

[14]  Rajeev Kumar,et al.  Healthcare Data Breaches: Insights and Implications , 2020, Healthcare.

[15]  R. Nigel Horspool,et al.  A framework for metamorphic malware analysis and real-time detection , 2015, Comput. Secur..

[16]  Kavita Sahu,et al.  Software Security: A Risk Taxonomy , 2015 .

[17]  Juan Antonio Sicilia Montalvo,et al.  The Application of a New Secure Software Development Life Cycle (S-SDLC) with Agile Methodologies , 2019, Electronics.

[18]  Raees Ahmad Khan,et al.  Secure Serviceability of Software: Durability Perspective , 2016 .

[19]  Helen J. Wang,et al.  Content-based isolation: rethinking isolation policy design on client systems , 2013, CCS.

[20]  Khairuddin Omar,et al.  A Survey on Malware Analysis Techniques: Static, Dynamic, Hybrid and Memory Analysis , 2018, International Journal on Advanced Science, Engineering and Information Technology.

[21]  Alka Agrawal,et al.  Attribute based honey encryption algorithm for securing big data: Hadoop distributed file system perspective , 2020, PeerJ Comput. Sci..

[22]  Ravi S. Sandhu,et al.  Role-based access control: a multi-dimensional view , 1994, Tenth Annual Computer Security Applications Conference.

[23]  Rajeev Kumar,et al.  A Knowledge-Based Integrated System of Hesitant Fuzzy Set, AHP and TOPSIS for Evaluating Security-Durability of Web Applications , 2020, IEEE Access.

[24]  Tomás Pevný,et al.  Probabilistic analysis of dynamic malware traces , 2018, Comput. Secur..

[25]  Wei Zhang,et al.  Semantics-Based Online Malware Detection: Towards Efficient Real-Time Protection Against Malware , 2016, IEEE Transactions on Information Forensics and Security.

[26]  Rajeev Kumar,et al.  Managing Multimedia Big Data: Security and Privacy Perspective , 2020 .

[27]  R. Khan,et al.  USABLE-SECURITY ATTRIBUTE EVALUATION USING FUZZY ANALYTIC HIERARCHY PROCESS , 2019 .

[28]  Insup Lee,et al.  Analyzing and defending against web-based malware , 2013, CSUR.

[29]  Tansel Dökeroglu,et al.  Context-sensitive and keyword density-based supervised machine learning techniques for malicious webpage detection , 2018, Soft Computing.

[30]  Alka Agrawal,et al.  Security durability assessment through fuzzy analytic hierarchy process , 2019, PeerJ Comput. Sci..

[31]  B. K. Tripathy,et al.  A Novel Malware Analysis Framework for Malware Detection and Classification using Machine Learning Approach , 2018, ICDCN.

[32]  Alka Agrawal,et al.  Evaluating Performance of Software Durability through an Integrated Fuzzy-Based Symmetrical Method of ANP and TOPSIS , 2020, Symmetry.

[33]  Izzat Alsmadi,et al.  The malware detection challenge of accuracy , 2016, 2016 2nd International Conference on Open Source Software Computing (OSSCOM).

[34]  Md. Rafiqul Islam,et al.  A Survey on Mining Program-Graph Features for Malware Analysis , 2014, SecureComm.

[35]  Daniel A. Keim,et al.  A Survey of Visualization Systems for Malware Analysis , 2015, EuroVis.

[36]  Alka Agrawal,et al.  A Fuzzy Multi-Objective Covering-based Security Quantification Model for Mitigating Risk of Web based Medical Image Processing System , 2020 .

[37]  Yong Wang,et al.  MalDAE: Detecting and explaining malware based on correlation and fusion of static and dynamic characteristics , 2019, Comput. Secur..

[38]  William K. Robertson,et al.  Overhaul: Input-Driven Access Control for Better Privacy on Traditional Operating Systems , 2016, 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[39]  Tsutomu Matsumoto,et al.  Vulnerability in Public Malware Sandbox Analysis Systems , 2010, 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet.

[40]  Alka Agrawal,et al.  Software Security Estimation Using the Hybrid Fuzzy ANP-TOPSIS Approach: Design Tactics Perspective , 2020, Symmetry.

[41]  Rajeev Kumar,et al.  Multi-level Fuzzy system for usable-security assessment , 2019, J. King Saud Univ. Comput. Inf. Sci..

[42]  Saeed Parsa,et al.  Analysis and classification of context-based malware behavior , 2019, Comput. Commun..

[43]  Alka Agrawal,et al.  A Framework for Producing Effective and Efficient Secure Code through Malware Analysis , 2020 .

[44]  Jun Liu,et al.  Analysis of malware application based on massive network traffic , 2016, China Communications.

[45]  Joshua Saxe,et al.  CrowdSource: Automated inference of high level malware functionality from low-level symbols using a crowd trained machine learning model , 2014, 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE).

[46]  Dhirendra Pandey,et al.  USABLE-SECURITY ASSESSMENT THROUGH A DECISION MAKING PROCEDURE , 2019 .

[47]  Youki Kadobayashi,et al.  Term-Rewriting Deobfuscation for Static Client-Side Scripting Malware Detection , 2011, 2011 4th IFIP International Conference on New Technologies, Mobility and Security.

[48]  Norafida Bte Ithnin,et al.  Survey on Representation Techniques for Malware Detection System , 2017 .

[49]  Ali Hamzeh,et al.  A survey on heuristic malware detection techniques , 2013, The 5th Conference on Information and Knowledge Technology.

[50]  Juan Antonio Sicilia,et al.  Systematic Approach to Malware Analysis (SAMA) , 2020, Applied Sciences.

[51]  Raees Ahmad Khan,et al.  Fuzzy Analytic Hierarchy Process for Software Durability: Security Risks Perspective , 2017 .

[52]  Rabia Tahir,et al.  A Study on Malware and Malware Detection Techniques , 2018 .

[53]  Alka Agrawal,et al.  Measuring the Sustainable-Security of Web Applications Through a Fuzzy-Based Integrated Approach of AHP and TOPSIS , 2019, IEEE Access.

[54]  Rajeev Kumar,et al.  Key Issues in Healthcare Data Integrity: Analysis and Recommendations , 2020, IEEE Access.

[55]  Mitsuaki Akiyama,et al.  Analysis of malware download sites by focusing on time series variation of malware , 2017, J. Comput. Sci..