LITERATURE REVIEW
In this chapter we survey malware detection and machine learning: malware types, the life cycle of malware, malware analysis and detection, strategies for malware detection, and machine learning and its types.
MALWARE
Malware has been given different names and definitions. The word malware is used to describe any form of malicious code, also called malcode, malicious software or malicious programs. One common definition is that of McGraw and Morrisett (2000), who define malware as "any code added, changed, or removed from a software system in order to intentionally cause harm or subvert the intended function of the system." Vasudevan & Yerraballi (2006) describe malware as "a generic term that encompasses viruses, trojans, spywares and other intrusive code." According to Christodorescu et al. (2005), any program that has a malevolent objective is malware. Malware is generally created to compromise the confidentiality, integrity, or availability of the data or information in a computer system or network.
MALWARE TYPES
One way of keeping the analysis of a malware sample as fast as possible is to make informed hypotheses about the sample and its function and then test them. Since better hypotheses can be made when the analyst already knows what kinds of things malware typically does, some of the categories into which most malware falls, as explained by Sikorski & Honig (2012), are
Malware refers to any computer program that is designed to do things that are harmful to or unwanted by a computer's legitimate user.
Detecting the presence of a rootkit on a computer can be difficult, because this kind of malware is designed to stay hidden and do its work in the background. There are utilities that look for known and unknown rootkits through various methods, including signatures or a behavioral approach that tries to detect a rootkit by looking for known behavior patterns. One caveat applies to all of them: a tool that runs on the infected system is seeing that system through whatever the rootkit has subverted, so a scan from trusted media (booting the machine from a clean image and examining the disk offline) is more reliable than a scan from inside the running host. Removing a rootkit is a complex process and typically requires the use of specialized
I question these types of malware or viruses and would like to understand better how they work and whether they could become terminal for our PCs. I clean my PCs via a service monthly and still wonder whether there are certain viruses, worms and other forms that are permanent. I have already started to do a little research, and I am glad I have chosen this topic. By doing so, I will be able to gain knowledge of the worm and its capabilities.
Now that the issues in battling malware have been discussed, the next step is solutions. Deobfuscation, especially through signature analysis, has already been discussed to its fullest potential. Newer methods include CPU analyzers, holography, eigenvirus detection, differential fault analysis, the growing grapes method, and whitelist protection. These are more general approaches: they do not rely on storing specific characteristics of the malware's code and tend instead to analyze behavior. Because of the extreme focus on deobfuscation, these ideas have only been explored fairly recently and are currently underdeveloped.
The authors of this article state that its purpose is to describe methods of detecting clandestine malware using behavior-based and signature-based methods. The authors;
Sikorski & Honig (2012) explain that when carrying out malware analysis and detection, usually only the malware executable is available, and it is not in a human-readable form. A variety of tools and techniques must therefore be employed to reveal the underlying information. The two basic approaches to malware analysis are static analysis (examining the malware without running it) and dynamic analysis (running the malware and observing what it does). Each can be done in a basic or a more advanced form. Because dynamic analysis executes the sample, it must be carried out in an isolated environment (a disposable virtual machine or a sandbox with no route to production networks), whereas basic static analysis is safe to run on any host because the sample is only read.
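The basic static analysis described above can be demonstrated in a short script. The following is an added example written for this review, not code from Sikorski & Honig; it hashes the file, checks for a PE (MZ/PE) header, extracts printable strings the way the `strings` tool does, and flags strings that commonly indicate downloading, persistence, process injection or packing. The sample bytes are constructed in the script (a fake PE stub with embedded strings), and the indicator patterns are an illustrative starting list, not an exhaustive signature set.

```python
"""Basic static triage of an executable without running it (added example)."""
import hashlib
import math
import re
import struct
from collections import Counter

# Illustrative indicator patterns (assumed list, not exhaustive).
SUSPICIOUS_PATTERNS = {
    "url": re.compile(rb"https?://[A-Za-z0-9./_-]+"),
    "registry_run_key": re.compile(rb"CurrentVersion\\Run", re.IGNORECASE),
    "network_api": re.compile(rb"(InternetOpenUrlA|URLDownloadToFileA|WSAStartup)"),
    "process_injection_api": re.compile(rb"(CreateRemoteThread|WriteProcessMemory|VirtualAllocEx)"),
    "packer_section": re.compile(rb"UPX[0-9]"),
}


def hashes(data: bytes) -> dict:
    """Hashes used to look the sample up in threat-intel and AV databases."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


def is_pe(data: bytes) -> bool:
    """True if the bytes start with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII of at least min_len bytes (what `strings` prints)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 suggest packed or encrypted content."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum((c / len(data)) * math.log2(c / len(data)) for c in counts.values())


def static_triage(data: bytes) -> dict:
    """Collect hashes, header check, strings, entropy and matched indicators."""
    report = {
        "hashes": hashes(data),
        "is_pe": is_pe(data),
        "entropy": round(shannon_entropy(data), 3),
        "strings": extract_strings(data),
        "indicators": {},
    }
    for name, pat in SUSPICIOUS_PATTERNS.items():
        hits = sorted({m.group().decode("ascii", "replace") for m in pat.finditer(data)})
        if hits:
            report["indicators"][name] = hits
    return report


def build_sample() -> bytes:
    """Constructed stand-in for a dropped executable: fake PE stub plus strings."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)          # 0x40 bytes of DOS header
    struct.pack_into("<I", header, 0x3C, 0x40)           # e_lfanew -> offset 0x40
    body = (b"PE\x00\x00" + b"\x00" * 20
            + b"UPX0\x00UPX1\x00"
            + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
            + b"http://example.invalid/update.bin\x00"
            + b"URLDownloadToFileA\x00CreateRemoteThread\x00"
            + b"\x01\x02\x03ab\x00")
    return bytes(header) + body


if __name__ == "__main__":
    report = static_triage(build_sample())
    print("sha256:", report["hashes"]["sha256"])
    print("PE:", report["is_pe"], "entropy:", report["entropy"])
    for name, hits in report["indicators"].items():
        print(f"{name}: {hits}")
```

None of this tells you what the sample does when run; it only gives the hypotheses (downloader, persistence via a Run key, injection, UPX packing) that the dynamic analysis then tests.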
Malware alters a computer's operation and is used by attackers to gather sensitive information from unsuspecting companies and individuals. It collects passwords, bank information, social security numbers, internet surfing habits, etc. Malware can exist in the form of code, scripts, active content, and other software ("Common Fraud", n.d.). Malware includes viruses, worms, rootkits, Trojan horses,
These days, cyber-attacks have become a huge problem for online communities. Malware such as viruses, Trojans, worms, spyware, adware and many other forms are increasingly popular methods of infecting computers. Malware, also known as malicious software, is used by hackers and criminals around the world to disrupt computer activities, to gain access to private or important information in computer systems, and to gather that information illegally. There are countless forms of malicious software, and they can be found everywhere, including on widely known websites and in the advertisements displayed on them.
Messages that offer friendship, amusement, gifts and other free pictures and information exploit the anonymity and camaraderie of the Internet to plant malicious code. The employee opens the messages and attachments, through which Trojans, viruses, worms and other uninvited programs find their way into systems and networks.
Imagine starting up your computer only to see the image on the screen melt while eerie music plays. The hard drive crunches away. What is it doing in there? Before you turn off the machine, most of your files have been deleted. Your computer is the victim of a computer virus. But where did the virus come from? It may have been that game you borrowed or, more likely, it came from an electronic document.
With the increasing popularity of smartphones, and since Android has become a popular platform, it has also become a popular platform for mobile malware. Our defense strategies against this mobile malware are weak and largely constrained by the "limited understanding of these emerging mobile malware and the lack of timely access to related samples" [2]. The dataset they collected consists of Android malware from a span of a little over a year (2010-2011). While characterizing the mobile malware they observed that the families are adapting and adopting update attacks and drive-by downloads to infect users, which gives them an advantage since these are more stealthy and difficult to detect. They illustrate that anti-malware solutions are lagging behind the malware by performing an evolution-based study of representative Android malware, revealing how fast it is evolving. Their analysis also shows that malware authors are quickly learning from each other, creating hybrid threats. One of the most common techniques used to piggyback malicious payloads onto popular applications is repackaging: among the 1260 malware samples they collected and analyzed, 86% were repackaged [2]. One permission used allows the installation of additional applications without user intervention. Another attack is the update attack, where instead of enclosing the payload as
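Two of the observations above, that repackaged apps piggyback a payload onto a legitimate app and that the payload's behaviour (installing further apps without the user, premium SMS, persistence) shows up in the permissions the app declares, can be turned into a simple manifest triage. The following is an added example written for this review and is not code from the study cited as [2]. It assumes the APK's binary AndroidManifest.xml has already been decoded to plain XML (for instance with apktool); the two manifests are constructed for the example, and the risk list and combinations are illustrative assumptions rather than the paper's criteria. The repackaging check compares a suspect app's permissions with those of the original it claims to be, since a repackaged copy usually needs permissions the original never asked for.

```python
"""Permission-based triage of decoded Android manifests (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Single permissions worth flagging (illustrative, assumed list).
HIGH_RISK = {
    "android.permission.INSTALL_PACKAGES": "install other apps without the user",
    "android.permission.SEND_SMS": "send (premium-rate) SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_CONTACTS": "harvest contacts",
    "android.permission.RECEIVE_BOOT_COMPLETED": "start at boot (persistence)",
}

# Combinations that say more than any single permission (illustrative).
COMBOS = {
    "update_attack": {"android.permission.INTERNET", "android.permission.INSTALL_PACKAGES"},
    "sms_fraud": {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"},
    "exfiltration": {"android.permission.INTERNET", "android.permission.READ_CONTACTS"},
}


def permissions(manifest_xml: str) -> set:
    """Set of permission names declared by <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def triage(manifest_xml: str) -> dict:
    """Flag risky permissions and combinations; score is a crude ranking aid."""
    perms = permissions(manifest_xml)
    flagged = {p: HIGH_RISK[p] for p in perms if p in HIGH_RISK}
    combos = sorted(name for name, needed in COMBOS.items() if needed <= perms)
    return {
        "permissions": sorted(perms),
        "flagged": flagged,
        "combos": combos,
        "score": len(flagged) + 2 * len(combos),
    }


def added_permissions(original_xml: str, suspect_xml: str) -> set:
    """Permissions the suspect declares that the genuine app did not (repackaging hint)."""
    return permissions(suspect_xml) - permissions(original_xml)


# Constructed manifests: a benign game and a repackaged copy of it.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Game"/>
</manifest>"""

REPACKAGED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Game"/>
</manifest>"""


if __name__ == "__main__":
    for label, xml in (("benign", BENIGN_MANIFEST), ("repackaged", REPACKAGED_MANIFEST)):
        r = triage(xml)
        print(f"{label}: score={r['score']} flagged={sorted(r['flagged'])} combos={r['combos']}")
    print("added by repackaging:", sorted(added_permissions(BENIGN_MANIFEST, REPACKAGED_MANIFEST)))
```

Permissions are a coarse signal: many legitimate apps request INTERNET and RECEIVE_BOOT_COMPLETED, and a payload that is fetched later (the update attack the text goes on to describe) may declare nothing unusual at install time, which is exactly why the study treats it as stealthier.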
Due to this reliance on networked resources, traffic analysis becomes a valuable and effective method for detecting malware on host machines. Despite the frequency of malware traffic, network administrators and incident responders may not be aware of which characteristics are common to malware. By looking at the traffic generated while malicious samples are executed, the characteristics of that traffic can be recorded and investigated.
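One characteristic that such recorded traffic commonly shows is beaconing: the infected host contacts its command-and-control server at a fixed interval with near-identical request sizes, which is quite unlike interactive browsing. The script below is an added example written for this review, not code from the work summarized above. It reads constructed connection-log lines (not captured traffic; the field layout "time src dst dport bytes_out" is an assumption), groups them by flow, and flags flows whose inter-arrival times and payload sizes both have a low coefficient of variation. Using the coefficient of variation rather than exact equality tolerates the jitter real implants add to their sleep interval; the thresholds are illustrative.

```python
"""Beaconing detection over connection logs (added example)."""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed log lines, one connection each: time src dst dport bytes_out.
LOG_LINES = """
2023-03-01T10:00:00 10.0.0.5 203.0.113.7 443 512
2023-03-01T10:00:05 10.0.0.5 198.51.100.20 443 1480
2023-03-01T10:00:12 10.0.0.5 198.51.100.20 443 9020
2023-03-01T10:00:30 10.0.0.5 203.0.113.7 443 520
2023-03-01T10:00:50 10.0.0.5 198.51.100.20 443 300
2023-03-01T10:01:00 10.0.0.5 203.0.113.7 443 512
2023-03-01T10:01:30 10.0.0.5 203.0.113.7 443 516
2023-03-01T10:01:45 10.0.0.8 198.51.100.20 443 2200
2023-03-01T10:02:00 10.0.0.5 203.0.113.7 443 512
2023-03-01T10:02:10 10.0.0.5 198.51.100.20 443 760
2023-03-01T10:02:30 10.0.0.5 203.0.113.7 443 520
""".strip().splitlines()


def parse(lines):
    """Group (timestamp, bytes_out) events by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst, dport, nbytes = line.split()
        flows[(src, dst, int(dport))].append((datetime.fromisoformat(ts), int(nbytes)))
    return flows


def coeff_var(values):
    """Population standard deviation divided by the mean (0 means perfectly regular)."""
    mean = statistics.mean(values)
    return statistics.pstdev(values) / mean if mean else float("inf")


def find_beacons(lines, min_count=4, max_interval_cv=0.2, max_size_cv=0.2):
    """Flows with enough connections whose timing and size are both near-constant."""
    hits = []
    for key, events in parse(lines).items():
        if len(events) < min_count:            # too few samples to judge regularity
            continue
        events.sort()
        times = [t for t, _ in events]
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        sizes = [n for _, n in events]
        interval_cv, size_cv = coeff_var(deltas), coeff_var(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            hits.append({
                "flow": key,
                "count": len(events),
                "period_s": statistics.mean(deltas),
                "interval_cv": round(interval_cv, 3),
                "size_cv": round(size_cv, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(LOG_LINES):
        src, dst, dport = hit["flow"]
        print(f"beacon candidate {src} -> {dst}:{dport} every ~{hit['period_s']:.0f}s "
              f"({hit['count']} connections, interval_cv={hit['interval_cv']}, "
              f"size_cv={hit['size_cv']})")
```

Legitimate software also beacons (update checkers, telemetry, NTP), so a hit is a lead to enrich with destination reputation and process attribution, not a verdict on its own; lowering `min_count` or raising the thresholds trades precision for earlier detection.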
Abstract—If you take a quick visit to https://www.android.com , one of the first things you will see is the company's claim that its operating system powers more than a billion devices across the globe. These devices include phones, tablets, watches, TVs, cars and more to come. Smartphones are used in many ways, including accessing sensitive documents, banking and controlling security systems. Various sources indicate that the smartphone market is dominated by devices running the popular Android operating system. Two of the reasons the Android OS is so popular are its open architecture and its application programming interfaces (APIs). With such popularity, unscrupulous code developers see these devices as an opportunity to take advantage of unsuspecting users. Known malware apps increased drastically from 2010 to 2014, from a little over 1200 known variants to well over 1.5 million, with over 90% of those designed for the Android OS. Given this volume of malware and the fact that most of it targets Android, this paper looks at some of the various types of malware and the different methods by which they are deployed. We also look at some of the methods employed to detect and defend against malware and the effectiveness of those methods.
The term malware (short for "malicious software") has commonly been used to refer to the conventional threats posed by viruses, Trojans, and worms. Over the last couple of years, the threats posed by various other sorts of programs, including spyware and adware, have been constantly increasing. Spyware campaigns can appear quickly, hijack browser sessions, redirect browsers to selected target sites or collect tracking data on users' browsing habits. They can make use of a user's PC resources without his or her informed consent, or even log a user's keystrokes and
Not only is malware becoming more difficult to deobfuscate, it is also using new functions that are difficult to detect by these means. Therefore, anti-malware researchers should focus on other forms of detection, such as CPU analyzers, holography, eigenvirus detection, differential fault analysis, the growing grapes method, and whitelist protection.