Techniques involved in static analysis of malware, George Chetcuti
Images and QR Codes: Steganography techniques let attackers conceal code within images. Sandbox static analysis is capable of extracting this hidden data. QR codes embedded within documents may also contain malicious links. A sandbox can decode these and expose the potential threats. Metadata: Information...
In this research, we compare malware detection techniques based on static, dynamic, and hybrid analysis. Specifically, we train Hidden Markov Models (HMMs) on both static and dynamic feature sets and compare the resulting detection rates over a substantial number of malware families. We also consid...
Malware continues to evolve despite intense use of antimalware techniques. Detecting malware becomes a tough task as malware attackers adapt different counter detection methods. The long forgotten signature method used by many antimalware companies has b
Unfortunately, the availability of advanced protection techniques to hide the real initial state of the process does not allow applying methods adopting this feature group comprehensively. From the results, it can be seen that the image-based method, proposed by Su et al. [18] achieved a ...
Dynamic analysis: Once static analysis has been performed and the results have been reviewed, dynamic analysis techniques are typically the next step for deeper results. Due to Go’s memory safety, the problems normally found with dynamic analysis are those that result in a hard crash or an inval...
techniques for addressing these types of exploits have been proposed, in-browser adoption has been slow, in part because of the performance overhead these methods tend to incur. In this paper, we propose Zozzle, a low-overhead solution for detecting and preventing JavaScript malware that ...
Then, LibDroid performs forward analysis of the control flow graph and constructs the condition dependencies by leveraging symbolic execution techniques. We evaluate LibDroid using 52 open-source libraries and 13,138 native libraries collected from 2,627 real-world applications downloaded from Google ...
Dynamic code analysis – running the app in an emulator – is not affected by such obfuscation techniques, because the sensitive data is decrypted by the app's code at runtime. To leverage this advantage, we created a combined analysis process, composed of both dynamic and static ...
The results show that cAgen is an efficient approach to achieve the optimal parameter choices for ML techniques. Moreover, the covering array shows significant promise, especially cAgen with regard to the ML hyper-parameter optimisation community, malware detectors community and overall security ...