Malware Essay Example


Malware is any software created intentionally to cause harmful effects on software-based systems such as computers, servers, and industrial control systems. \cite{osborn2015malware} summarizes the typical effects: disrupting the normal operation of the computer, collecting or destroying sensitive information, encrypting data, and gaining unauthorized access to the computer system.

A malware detector (more commonly known as an anti-virus program) is a specialized computer program that attempts to locate and eliminate malware. \cite{shijo2015integrated} state that detecting all kinds of malware with a high success rate is still an unsolved problem, as attackers develop new kinds of malware and new evasion techniques every day. Kaspersky \cite{kasperskylab2017}, one of the most prominent anti-virus vendors, reports that in 2017 the number of new malware samples it encountered reached 360,000 per day. \cite{vemparala2016malware} state that the vast majority of commercial malware detectors rely on signature-based detection: a signature extracted from the file under inspection is looked up in a database of signatures of known malware. The success of this strategy therefore depends on how quickly the database is updated with new samples, so the enormous number of new samples produced every day makes signature-based detection progressively less effective. Another approach, called heuristic-based malware detection in the malware research community and defined by \cite{bazrafshan2013survey}, extracts behavioral information from samples and applies predictive modeling, usually traditional machine learning methods and less commonly deep learning. Unlike signature matching, this approach can succeed against previously unseen samples from the real world. Based on these arguments, in this work we study deep learning techniques on dynamic opcode input to assess their potential as a generalizable malware detector.

\par

Static analysis and dynamic analysis are the two well-known general forms of malware analysis. Static analysis, which is more widely used than dynamic analysis, tries to identify malware before it is executed, using structural information such as the sequence of instructions in the file; the signature-based method is a common form of static analysis, and static features can also be used in a heuristic-based setting. Conversely, dynamic analysis attempts to identify malware during or after its execution, using only runtime information such as the behavior and actions of the sample. In dynamic analysis, the suspected malware is executed in a virtual machine, and its memory accesses and their order, the executed assembly instructions (opcodes), and system call statistics are analyzed. \cite{idika2007survey} note that while static techniques generally work well against most threats, code obfuscation methods, which aim to make machine code harder to analyze, can often render malware undetectable. As exemplified by \cite{christodorescu2006static}, junk code insertion, code transposition, and code substitution are common code obfuscation methods. \cite{tewarimalware} state that dynamic techniques, on the other hand, are inherently more resistant to code obfuscation but are more resource-intensive. This resistance stems from the fact that dynamic analysis only considers the instructions that 
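Added example (not from the essay or any of its cited works): a byte-signature detector of the kind described in the signature-based lookup above, placed beside a tiny virtual machine that records only the instructions it actually executes, so that the effect of junk code insertion and code transposition on each view can be seen end to end. The instruction set, the sample program, its signature and the syscall numbers are all constructed for illustration and correspond to no real architecture or product.

```python
"""Static byte signature vs dynamic opcode trace on a constructed toy ISA."""
import hashlib

# Constructed one-byte opcodes: mnemonic and number of operand bytes.
ISA = {
    0x01: ("PUSH", 1),     # push immediate operand
    0x02: ("ADD", 0),      # pop two values, push their sum
    0x03: ("JMP", 1),      # pc += signed operand, relative to the next insn
    0x04: ("NOP", 0),
    0x05: ("SYSCALL", 1),  # operand selects the service; no real effect here
    0xFF: ("HALT", 0),
}
FILLER = {"JMP", "NOP"}              # control flow and padding carry no behaviour
JUNK = bytes([0x04, 0x01, 0x00, 0x02])  # valid-looking bytes that never execute


def boundaries(code: bytes) -> list:
    """Offsets at which instructions start (linear sweep, as a static tool does)."""
    offs, pc = [], 0
    while pc < len(code):
        offs.append(pc)
        pc += 1 + ISA[code[pc]][1]
    return offs


def execute(code: bytes, max_steps: int = 1000) -> list:
    """Tiny VM: returns the instructions that actually executed (dynamic view).
    Bytes the program counter never reaches never appear in the trace."""
    pc, stack, trace = 0, [], []
    while 0 <= pc < len(code) and len(trace) < max_steps:
        name, nargs = ISA[code[pc]]
        arg = code[pc + 1] if nargs else None
        if name == "JMP" and arg > 127:
            arg -= 256                          # signed relative displacement
        trace.append(name if arg is None else f"{name} {arg}")
        pc += 1 + nargs
        if name == "PUSH":
            stack.append(arg)
        elif name == "ADD":
            stack.append(stack.pop() + stack.pop())
        elif name == "JMP":
            pc += arg
        elif name == "HALT":
            break
    return trace


def behaviour(code: bytes) -> list:
    """Dynamic feature: executed opcodes with filler removed."""
    return [insn for insn in execute(code) if insn.split()[0] not in FILLER]


def signature_match(code: bytes, signature: bytes) -> bool:
    """Static signature lookup: exact byte pattern anywhere in the file."""
    return signature in code


def insert_junk(code: bytes, at: int, junk: bytes = JUNK) -> bytes:
    """Junk code insertion: a JMP skips over unreachable but well-formed bytes."""
    assert at in boundaries(code), "splice only at an instruction boundary"
    return code[:at] + bytes([0x03, len(junk)]) + junk + code[at:]


def transpose(code: bytes, at: int) -> bytes:
    """Code transposition: lay out the tail before the head, linked by jumps.
    Layout: JMP +len(B) | B | A | JMP back to B, with A = code[:at], B = code[at:].
    B must end in HALT, which holds whenever `code` does."""
    assert at in boundaries(code) and code[-1] == 0xFF
    head, tail = code[:at], code[at:]
    back = -(2 + len(tail) + len(head)) & 0xFF  # two's-complement displacement
    return bytes([0x03, len(tail)]) + tail + head + bytes([0x03, back])


# Constructed sample: PUSH 65; SYSCALL 16; PUSH 1; PUSH 2; ADD; SYSCALL 32; HALT
SAMPLE = bytes([0x01, 0x41, 0x05, 0x10, 0x01, 0x01, 0x01, 0x02, 0x02, 0x05, 0x20, 0xFF])
# Signature a vendor might extract from it: "PUSH 1; PUSH 2; ADD; SYSCALL 32"
SIGNATURE = bytes([0x01, 0x01, 0x01, 0x02, 0x02, 0x05, 0x20])

VARIANTS = {
    "original": SAMPLE,
    "junk-inserted": insert_junk(SAMPLE, at=8),  # splice just before ADD
    "transposed": transpose(SAMPLE, at=6),       # split just before PUSH 2
}


def compare(variants=VARIANTS) -> dict:
    """Per variant: (short hash, static signature hit?, behaviour equal to original?)."""
    base = behaviour(variants["original"])
    return {
        name: (hashlib.sha256(code).hexdigest()[:12],
               signature_match(code, SIGNATURE),
               behaviour(code) == base)
        for name, code in variants.items()
    }


if __name__ == "__main__":
    for name, (digest, static_hit, same) in compare().items():
        print(f"{name:14} sha256={digest} signature_hit={static_hit} behaviour_equal={same}")
```

Running it prints one line per variant: the hash and the signature hit differ across the three files, while the executed-opcode trace with filler removed is identical for all of them, which is the property the dynamic approach relies on. Code substitution is the obfuscation this toy does not cover: replacing an instruction sequence with an equivalent one changes the executed opcodes as well, so an opcode-level dynamic feature has to be computed at a coarser granularity (for example over the system-call sequence) to stay stable under it.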
