Abstract

Malware means malicious software. Detecting malware over a system is malware analysis. It consists of two parts static analysis and dynamic analysis. Static analysis includes analyzing a suspicious file and dynamic analysis means observing a file during its process time. In this paper, we have proposed a framework for malware analysis based on semi automated malware detection usually machine learning which is based on dynamic malware detection . The framework shows the quality of experience (QoE) to maintain the efficiency tradeoffs and uses the method of classification. The samples of malware also shows that the framework create a strong detection method.

References

• Sikorski, Michael, and Andrew Honig. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, 2015.
• Egele, Manuel, et al. “A survey on automated dynamic malware-analysis techniques and tools.” ACM Computing Surveys (CSUR) 44.2 (2016): 6.
• R. Perdisci, A. Lanzi, and W. Lee, “McBoost: Boosting Scalability in Malware Collection and Analysis using Statistical Classification of Executables,” 2011, pp. 301–310.
• S. M. Tabish, M. Z. Shafiq, and M. Farooq, “Malware Detection using Statistical Analysis of Byte-Level File Content,” CSI-KDD ’09 Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, pp. 23–31, 2009.
• D. Wagner and P. Soto, “Mimicry Attacks on Host-Based Intrusion Detection Systems,” Proceedings of the 9th ACM
• Conference on Computer and CommunicationsSecurity, pp. 255–264, 2002.
• A. Walenstein and M. Venable, “Exploiting Similarity Between Variants to Defeat Malware,” Proceedings of BlackHat Briefings DC 2007, pp. 1–12, 2007.
• A. Karnik, S. Goswami, and R. Guha, “Detecting Obfuscated Viruses Using Cosine Similarity Analysis,” First Asia International Conference on Modelling & Simulation (AMS’07), pp. 165–170, 2007.
• M. Gheorghescu, “An Automated Virus Classification System,” Virus Bulletin Conference, pp. 294–300, 2005.
• C. LeDoux and A. Lakhotia, “Malware and machine learning,” in Intelligent Methods for Cyber Warfare, 2015.
• X. Hu, T. Chiueh, and K. G. Shin, “Large-scale Malware Indexing Using Function-Call Graphs,” Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009.
• D. Maiorca and G. Giacinto, “Looking at the Bag is not Enough to Find the Bomb : An Evasion of Structural Methods for Malicious PDF Files Detection,”
• Proceedings of the ASIA CCS’13, pp. 119–129, 2013.N. Srndic and P. Laskov, “Practical Evasion of A Learning-based Classifier: A case study,” Proceedings - IEEE Symposium on Security and Privacy, pp. 197–211, 2014.
• W. Xu, Y. Qi, and D. Evans, “Automatically evading classifiers: A case study on pdf malware classifiers,” NDSS, 2016.
• K. Rieck, P. Trinius, C. Willems, and T. Holz, “Automatic Analysis of Malware Behavior using Machine Learning,” pp. 1–30, 2011.
• U. Bayer, “Large-Scale Dynamic Malware Analysis,” PhD Thesis, pp. 1–109, 2009.
• U. Bayer, P. M. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda, “Scalable , Behavior-Based Malware Clustering,” NDSS, pp. 51–88, 2009.
• Google Safe Browsing, “Google Safe Browsing.”
• [Online]. Available: https: //safebrowsing.google.com/
• W. Xu, Y. Qi, and D. Evans, “Automatically evading classifiers: A case study on pdf malware classifiers,” NDSS, 2016.
• U. Bayer, “Large-Scale Dynamic Malware
• Analysis,” PhD Thesis, pp. 1–109, 2009.
• 22. U. Bayer, P. M. Comparetti, C.Hlauschek, C.Kruegel, and E. Kirda, “Scalable , Behavior- Based Malware Clustering,” NDSS, pp. 51–88, 2009.
• P. Trinius, C. Willems, T. Holz, and K.Rieck, “A Malware Instruction Set for Behavior-Based Analysis,” Sicherheit Schutz undZuverl¨assigkeit SICHERHEIT, pp. 1–11, 2011.
• “Malware Information Sharing Platform,”
• http://www.misp-project.org/, 2016, [Online; accessed March, 2016].
• “Information Sharing Specifications for Cybersecurity,” https://www.us-cert. gov/Information-Sharing-specifications Cybersecurity, 2016, [Online; accessed March, 2016].