Abstract

Problem statement: Malware is a program that has malicious intent. Nowadays, malware authors apply sophisticated techniques such as packing and obfuscation to evade malware detection, which makes zero-day attacks and false positives the most challenging problems in the malware detection field. Approach: In this study, the static and dynamic analysis techniques used in malware detection are surveyed. Static analysis techniques, dynamic analysis techniques and their combination, including Signature-Based and Behaviour-Based techniques, are discussed. Results: In addition, a new malware detection framework is proposed. Conclusion: The proposed framework combines Signature-Based with Behaviour-Based detection using an API graph system. The goal of the proposed framework is to improve detection accuracy and scan time for malware detection.

Highlights

  • Trojan horses masquerade as useful programs, but contain malicious code to attack the system or leak data

  • Guo et al. (2010) proposed a framework that combined static and dynamic binary translation features to detect malware and prevent its execution. They apply a behaviour Control Flow Graph (CFG), and a critical Application Programming Interface (API) graph derived from the CFGs is generated to perform sub-graph matching

  • The above works compare graphs using different approaches; the proposed framework does so by removing unused instructions and focusing on the popular API calls used in the common subgraph
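To make the API-graph idea in the highlights concrete, here is an added example (not code from the surveyed paper or from Guo et al.): an ordered API-call trace is pruned to a set of "critical" APIs (standing in for the removal of unused instructions), turned into a directed call-order graph, and matched against known-malicious signature subgraphs; a simple behaviour-based fallback flags graphs that resemble no signature but still chain several critical calls, which is where a zero-day sample would otherwise slip through. The API lists, signature graphs, traces, threshold and function names are all constructed assumptions for illustration.

```python
"""Toy API-graph matcher (added illustration; not the paper's implementation).

Nodes are labelled by API name, so labelled sub-graph containment reduces to
checking which signature edges also appear in the sample's edge set.
"""
from typing import Dict, List, Optional, Set, Tuple

Edge = Tuple[str, str]

# Assumed set of "critical" APIs; calls outside it are dropped before graphing,
# mirroring the paper's idea of discarding unused instructions.
CRITICAL_APIS: Set[str] = {
    "CreateFileW", "WriteFile", "RegSetValueExW", "CreateRemoteThread",
    "VirtualAllocEx", "WriteProcessMemory", "InternetOpenUrlW",
}

# Constructed signature sub-graphs (edge sets over API-name nodes).
SIGNATURES: Dict[str, Set[Edge]] = {
    "process_injection": {
        ("VirtualAllocEx", "WriteProcessMemory"),
        ("WriteProcessMemory", "CreateRemoteThread"),
    },
    "dropper": {
        ("InternetOpenUrlW", "CreateFileW"),
        ("CreateFileW", "WriteFile"),
        ("WriteFile", "RegSetValueExW"),
    },
}

# Constructed API-call traces (e.g. from a sandbox run); not real samples.
INJECTION_TRACE: List[str] = [
    "GetModuleHandleW", "OpenProcess", "VirtualAllocEx", "GetLastError",
    "WriteProcessMemory", "Sleep", "CreateRemoteThread", "CloseHandle",
]
BENIGN_TRACE: List[str] = ["CreateFileW", "WriteFile", "CloseHandle"]
NOVEL_TRACE: List[str] = [
    "InternetOpenUrlW", "CreateFileW", "WriteFile", "CreateRemoteThread",
]


def build_api_graph(trace: List[str], critical: Set[str] = CRITICAL_APIS) -> Set[Edge]:
    """Prune the trace to critical APIs and link each call to the next one."""
    filtered = [call for call in trace if call in critical]
    edges: Set[Edge] = set()
    for src, dst in zip(filtered, filtered[1:]):
        if src != dst:          # collapse immediate repeats into one node
            edges.add((src, dst))
    return edges


def match_score(sample: Set[Edge], signature: Set[Edge]) -> float:
    """Size of the common sub-graph relative to the signature (0.0 .. 1.0)."""
    if not signature:
        return 0.0
    return len(sample & signature) / len(signature)


def classify(sample: Set[Edge], signatures: Dict[str, Set[Edge]],
             threshold: float = 0.8) -> Tuple[Optional[str], float]:
    """Signature-based step: best-matching signature name if it clears threshold."""
    best_name, best = None, 0.0
    for name, sig in signatures.items():
        score = match_score(sample, sig)
        if score > best:
            best_name, best = name, score
    return (best_name, best) if best >= threshold else (None, best)


def combined_verdict(trace: List[str], min_critical_edges: int = 2) -> str:
    """Signature match first; otherwise an assumed behaviour heuristic:
    a chain of >= min_critical_edges critical calls is flagged as suspicious."""
    graph = build_api_graph(trace)
    name, _ = classify(graph, SIGNATURES)
    if name is not None:
        return f"known-malicious:{name}"
    if len(graph) >= min_critical_edges:
        return "suspicious"
    return "benign"


if __name__ == "__main__":
    for label, trace in (("injection", INJECTION_TRACE),
                         ("benign", BENIGN_TRACE),
                         ("novel", NOVEL_TRACE)):
        print(f"{label:10s} -> {combined_verdict(trace)}")
```

The novel trace illustrates the combination the abstract argues for: it shares only two of the three dropper edges, so the signature step stays silent, but the behaviour step still raises it because it chains several critical calls. Tuning the threshold and the edge count trades false positives against missed zero-days, which is exactly the tension the survey identifies.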

INTRODUCTION

Malware is software that is designed with harmful intent in mind. It comes in many forms such as viruses, worms, Trojan horses, backdoors, spyware, rootkits and botnets, in addition to other types of software with unwanted behaviour (Wang, 2006). Trojan horses masquerade as useful programs, but contain malicious code to attack the system or leak data. Spyware is a seemingly useful software package that transmits private user data to an external entity. A malware detector attempts to help protect the system by detecting malicious behaviour. Once the malware detector has knowledge of what is considered malware behaviour (abnormal behaviour) and of the program under inspection, it can employ its detection technique to decide whether the program is malware or benign.

Information Assurance and Security Research Group, Faculty of Computer Science and Information Systems, University Technology, 81310, Malaysia
