A Comprehensive Review on Malware Detection Approaches

According to recent studies, malicious software (malware) is increasing at an alarming rate, and some malware hides in a system by using obfuscation techniques. To protect computer systems and the Internet from malware, it must be detected before it affects a large number of systems. Several studies on malware detection approaches have been published recently; however, malware detection still remains problematic. Signature-based and heuristic-based detection approaches are fast and efficient at detecting known malware, but the signature-based approach in particular fails to detect unknown malware. On the other hand, behavior-based, model checking-based, and cloud-based approaches perform well for unknown and complex malware, and deep learning-based, mobile device-based, and IoT-based approaches are emerging that detect some portion of both known and unknown malware. However, no approach can detect all malware in the wild. This shows that building an effective malware detection method is a very challenging task, and that there is a large gap for new studies and methods. This paper presents a detailed review of malware detection approaches and of recent detection methods that use these approaches. Its goal is to help researchers gain a general understanding of the malware detection approaches, the pros and cons of each approach, and the methods that are used in each.
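As an added illustration of the contrast the abstract draws between signature-based and behavior-based detection (example code written for this page, not code from the paper or from any of the methods it surveys), the block below builds a constructed "known" sample, a trivially obfuscated variant of it, a hash-and-substring signature scanner, and a behavior rule evaluated over constructed sandbox-style API traces. Every sample, signature, family name and trace line is made up for the demonstration; none is real malware or a real detection rule.

```python
"""Added example, not code from the paper: a byte-signature scanner detects a
'known' sample, misses a trivially obfuscated variant of it, and a
behaviour-based scanner still catches the run-time behaviour of both.
Every sample, signature and trace below is constructed for illustration."""
import hashlib
import re

# Constructed "known" sample: a fake header followed by a distinctive string.
KNOWN_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 8
                + b"cmd.exe /c del /q C:\\*" + b"\x00" * 4)

# Constructed signature database: an exact file hash and a substring pattern,
# the two forms classic signature scanners rely on.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Wiper.Demo"}
BYTE_SIGNATURES = {b"cmd.exe /c del /q C:\\*": "Wiper.Demo"}


def xor_obfuscate(data: bytes, key: int) -> bytes:
    """Packer-style transform: XOR every byte with a one-byte key.
    Applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def make_variant(sample: bytes, key: int) -> bytes:
    """Build an obfuscated variant: keep the 4-byte header, encode the body.
    A real packed file would also carry a stub that decodes the body at
    run time; that stub is omitted here because only the bytes on disk matter
    to the signature scanner."""
    return sample[:4] + xor_obfuscate(sample[4:], key)


def signature_scan(data: bytes):
    """Signature-based detection: hash lookup, then substring search.
    Returns the family name on a hit, or None."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name is not None:
        return name
    for pattern, name in BYTE_SIGNATURES.items():
        if pattern in data:
            return name
    return None


# Behaviour-based detection works on what the program does once it runs.
# The obfuscation above changes the bytes on disk, not the run-time actions,
# so the constructed sandbox trace is the same for the original and the
# variant. Each rule is an ordered list of regexes over trace lines.
BEHAVIOUR_RULES = {
    "Wiper.Demo": [r"^CreateProcess:cmd\.exe", r"^DeleteFile:"],
}

# Constructed traces in "API:argument" form, one call per entry.
WIPER_TRACE = [
    "CreateFile:C:\\Windows\\Temp\\stage.tmp",
    "CreateProcess:cmd.exe /c del /q C:\\*",
    "DeleteFile:C:\\Users\\user\\Documents\\report.docx",
    "DeleteFile:C:\\Users\\user\\Documents\\budget.xlsx",
]
BENIGN_TRACE = [
    "CreateFile:C:\\Users\\user\\notes.txt",
    "WriteFile:C:\\Users\\user\\notes.txt",
    "CloseHandle:C:\\Users\\user\\notes.txt",
]


def behaviour_scan(trace):
    """Behaviour-based detection: a rule matches when its steps occur in
    order somewhere in the trace. Returns the family name or None."""
    for name, steps in BEHAVIOUR_RULES.items():
        pos = 0
        for step in steps:
            pattern = re.compile(step)
            while pos < len(trace) and not pattern.search(trace[pos]):
                pos += 1
            if pos == len(trace):
                break          # this step never occurs after the previous one
            pos += 1           # consume the matched line, keep ordering strict
        else:
            return name
    return None


if __name__ == "__main__":
    variant = make_variant(KNOWN_SAMPLE, 0x5A)
    print("original  ->", signature_scan(KNOWN_SAMPLE))   # Wiper.Demo
    print("variant   ->", signature_scan(variant))        # None: bytes changed
    print("behaviour ->", behaviour_scan(WIPER_TRACE))    # Wiper.Demo
    print("benign    ->", behaviour_scan(BENIGN_TRACE))   # None
```

The variant defeats both signature forms with a one-byte XOR, which is weaker than any real packer, while the behaviour rule is untouched because it never looks at the file bytes. The ordering requirement in `behaviour_scan` is the caveat practitioners care about: it lowers false positives on programs that merely delete files, at the cost of missing a sample that reorders its actions, which is one reason the abstract notes that no single approach catches everything.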
