A Lifecycle Based Approach for Malware Analysis

Most detection approaches, whether signature-based, anomaly-based or specification-based, are unable to analyze and detect every type of malware. The signature-based approach has one major drawback: it cannot detect zero-day attacks. The fundamental limitation of the anomaly-based approach is its high false-alarm rate. Specification-based detection often has difficulty specifying completely and accurately the entire set of valid behaviors malware should exhibit. Modern malware developers try to evade detection using techniques such as polymorphism, metamorphism and various hiding techniques. To overcome these issues, we propose a new approach to malware analysis and detection that consists of the following twelve stages: Inbound Scan, Inbound Attack, Spontaneous Attack, Client-Side Exploit, Egg Download, Device Infection, Local Reconnaissance, Network Surveillance, & Communications, Peer Coordination, Attack Preparation, and Malicious Outbound Propagation. In our proposed approach all of these stages are integrated into one interrelated process. This approach overcomes the limitations of the three approaches above by monitoring the behavioral activity of malware at each and every stage of its life cycle and finally producing a report on the maliciousness of the files or software.
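The following is an added illustration, not code from the paper: it sketches how stage-wise behavioral monitoring of the kind the abstract describes can be turned into a maliciousness report. It takes a constructed list of host and network sensor events, maps each event kind to one of the lifecycle stages named above, and scores the sample by how many stages were observed, whether they appeared in lifecycle order, and how many post-infection stages are present. The stage names follow the abstract; the event-kind vocabulary, the event-to-stage mapping, the decision to treat "Network Surveillance" and "Communications" as separate stages, and the scoring thresholds are all assumptions made for this example.

```python
"""Lifecycle-stage behavioural scoring (added example, not from the paper)."""
from collections import OrderedDict

# Twelve lifecycle stages in the order the abstract lists them. Splitting
# "Network Surveillance" and "Communications" into two stages is an assumption
# made so that the list matches the stated count of twelve.
STAGES = [
    "Inbound Scan", "Inbound Attack", "Spontaneous Attack",
    "Client-Side Exploit", "Egg Download", "Device Infection",
    "Local Reconnaissance", "Network Surveillance", "Communications",
    "Peer Coordination", "Attack Preparation",
    "Malicious Outbound Propagation",
]
STAGE_INDEX = {name: i for i, name in enumerate(STAGES)}

# Constructed sensor event kinds -> lifecycle stage (assumed vocabulary).
EVENT_TO_STAGE = {
    "port_scan_in": "Inbound Scan",
    "exploit_attempt_in": "Inbound Attack",
    "unsolicited_exec": "Spontaneous Attack",
    "browser_exploit": "Client-Side Exploit",
    "payload_download": "Egg Download",
    "persistence_write": "Device Infection",
    "host_enum": "Local Reconnaissance",
    "net_enum": "Network Surveillance",
    "c2_beacon": "Communications",
    "p2p_sync": "Peer Coordination",
    "stage_tooling": "Attack Preparation",
    "outbound_scan": "Malicious Outbound Propagation",
}

# Stages at or after Device Infection mean the host itself is compromised rather
# than merely being probed, so they weigh more heavily in the verdict.
POST_INFECTION = {
    s for s in STAGES if STAGE_INDEX[s] >= STAGE_INDEX["Device Infection"]
}


def stage_events(events):
    """Group events by lifecycle stage in stage order; unknown kinds are ignored."""
    grouped = OrderedDict((s, []) for s in STAGES)
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = EVENT_TO_STAGE.get(ev["kind"])
        if stage is not None:
            grouped[stage].append(ev)
    return grouped


def in_lifecycle_order(events):
    """True if stages are first observed in non-decreasing lifecycle order."""
    last = -1
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = EVENT_TO_STAGE.get(ev["kind"])
        if stage is None:
            continue
        idx = STAGE_INDEX[stage]
        if idx < last:
            return False
        last = idx
    return True


def assess(events, suspicious_threshold=0.25):
    """Produce a maliciousness report from the stages observed in the events."""
    grouped = stage_events(events)
    observed = [s for s, evs in grouped.items() if evs]
    post = [s for s in observed if s in POST_INFECTION]
    coverage = len(observed) / len(STAGES)
    if len(post) >= 2:           # several post-infection stages: clearly malicious
        verdict = "malicious"
    elif post or coverage >= suspicious_threshold:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return {
        "stages_observed": observed,
        "post_infection_stages": post,
        "coverage": round(coverage, 3),
        "ordered": in_lifecycle_order(events),
        "verdict": verdict,
        "evidence": {s: [e["detail"] for e in grouped[s]] for s in observed},
    }


# Constructed sample telemetry (addresses from documentation ranges).
SAMPLE_EVENTS = [
    {"ts": 1, "kind": "port_scan_in", "detail": "SYN sweep from 203.0.113.7 on 445/tcp"},
    {"ts": 2, "kind": "exploit_attempt_in", "detail": "malformed SMB request from 203.0.113.7"},
    {"ts": 3, "kind": "payload_download", "detail": "HTTP GET of PE file from 198.51.100.20"},
    {"ts": 4, "kind": "persistence_write", "detail": "new Run-key entry pointing into %TEMP%"},
    {"ts": 5, "kind": "host_enum", "detail": "whoami and net user run by the new process"},
    {"ts": 6, "kind": "net_enum", "detail": "ARP sweep of 192.168.1.0/24"},
    {"ts": 7, "kind": "c2_beacon", "detail": "periodic POST to 198.51.100.20 every 60 s"},
    {"ts": 8, "kind": "outbound_scan", "detail": "connections to 445/tcp on 250 hosts"},
]
BENIGN_EVENTS = [
    {"ts": 1, "kind": "port_scan_in", "detail": "authorised vulnerability-scanner probe"},
    {"ts": 2, "kind": "dns_lookup", "detail": "unmapped event kind, ignored"},
]

if __name__ == "__main__":
    for name, evs in (("sample", SAMPLE_EVENTS), ("benign", BENIGN_EVENTS)):
        report = assess(evs)
        print(f"{name}: {report['verdict']} (coverage {report['coverage']}, "
              f"ordered={report['ordered']}, stages={report['stages_observed']})")
```

The report keeps the per-stage evidence so an analyst can see which observations drove the verdict; a single inbound probe alone scores as benign, while a chain that reaches several post-infection stages scores as malicious regardless of whether any signature matched.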
