
A State of the Art Survey on Polymorphic Malware Analysis and Detection Techniques


Affiliations
1 College of Computing and Information Sciences, Makerere University, Uganda
2 College of Science and Technology, University of Rwanda, Rwanda


Abstract

Nowadays, systems face serious security threats from malicious software, commonly known as malware. Such malware is built with advanced techniques that make it hard to analyse and detect, and it therefore causes a great deal of damage. Polymorphism is one of these advanced techniques: polymorphic malware changes its identity each time it attacks. This paper presents a detailed, systematic and critical review that explores the available literature and outlines the research efforts that have been made on polymorphic malware analysis and detection.

Keywords

Polymorphic Malware, Static Analysis, Dynamic Analysis, Machine Learning, Malware Detection.



Authors

Emmanuel Masabo
College of Computing and Information Sciences, Makerere University, Uganda
Kyanda Swaib Kaawaase
College of Computing and Information Sciences, Makerere University, Uganda
Julianne Sansa-Otim
College of Computing and Information Sciences, Makerere University, Uganda
John Ngubiri
College of Computing and Information Sciences, Makerere University, Uganda
Damien Hanyurwimfura
College of Science and Technology, University of Rwanda, Rwanda
