A Comparison of Static, Dynamic, and Hybrid Analysis for Malware Detection
- URL: http://arxiv.org/abs/2203.09938v1
- Date: Sun, 13 Mar 2022 15:52:31 GMT
- Title: A Comparison of Static, Dynamic, and Hybrid Analysis for Malware Detection
- Authors: Anusha Damodaran and Fabio Di Troia and Visaggio Aaron Corrado and Thomas H. Austin and Mark Stamp
- Abstract summary: We compare malware detection techniques based on static, dynamic, and hybrid analysis.
In our experiments, a fully dynamic approach generally yields the best detection rates.
- Score: 4.759823735082844
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In this research, we compare malware detection techniques based on static, dynamic, and hybrid analysis. Specifically, we train Hidden Markov Models (HMMs) on both static and dynamic feature sets and compare the resulting detection rates over a substantial number of malware families. We also consider hybrid cases, where dynamic analysis is used in the training phase, with static techniques used in the detection phase, and vice versa. In our experiments, a fully dynamic approach generally yields the best detection rates. We discuss the implications of this research for malware detection based on hybrid techniques.
Related papers
- Impacts of Data Preprocessing and Hyperparameter Optimization on the Performance of Machine Learning Models Applied to Intrusion Detection Systems [0.8388591755871736]
  Intrusion Detection Systems (IDS) have been continuously improved.
  Many of them incorporate machine learning (ML) techniques to identify threats.
  This article aims to present a study that fills this research gap.
  arXiv Detail & Related papers (2024-07-15T14:30:25Z)
- SLIFER: Investigating Performance and Robustness of Malware Detection Pipelines [12.940071285118451]
  Academia focuses on combining static and dynamic analysis within a single or ensemble of models.
  We propose SLIFER, a novel Windows malware detection pipeline sequentially leveraging both static and dynamic analysis.
  arXiv Detail & Related papers (2024-05-23T12:06:10Z)
- A Multi-Grained Symmetric Differential Equation Model for Learning Protein-Ligand Binding Dynamics [73.35846234413611]
  In drug discovery, molecular dynamics (MD) simulation provides a powerful tool for predicting binding affinities, estimating transport properties, and exploring pocket sites.
  We propose NeuralMD, the first machine learning (ML) surrogate that can facilitate numerical MD and provide accurate simulations in protein-ligand binding dynamics.
  We demonstrate the efficiency and effectiveness of NeuralMD, achieving over 1K$\times$ speedup compared to standard numerical MD simulations.
  arXiv Detail & Related papers (2024-01-26T09:35:17Z)
- EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis [48.5877840394508]
  In recent years there has been a shift from quantifications-based malware detection towards machine learning.
  We propose to address the deficiencies in the space of similarity research on binary files, starting from EMBER.
  We enhance EMBER with similarity information as well as malware class tags, to enable further research in the similarity space.
  arXiv Detail & Related papers (2023-10-03T06:58:45Z)
- Simulation-based Inference for Cardiovascular Models [57.92535897767929]
  We use simulation-based inference to solve the inverse problem of mapping waveforms back to plausible physiological parameters.
  We perform an in-silico uncertainty analysis of five biomarkers of clinical interest.
  We study the gap between in-vivo and in-silico with the MIMIC-III waveform database.
  arXiv Detail & Related papers (2023-07-26T02:34:57Z)
- Capturing dynamical correlations using implicit neural representations [85.66456606776552]
  We develop an artificial intelligence framework which combines a neural network trained to mimic simulated data from a model Hamiltonian with automatic differentiation to recover unknown parameters from experimental data.
  In doing so, we illustrate the ability to build and train a differentiable model only once, which then can be applied in real-time to multi-dimensional scattering data.
  arXiv Detail & Related papers (2023-04-08T07:55:36Z)
- Deep Image: A precious image based deep learning method for online malware detection in IoT Environment [12.558284943901613]
  In this paper, a different view of malware analysis is considered and the risk level of each sample feature is computed.
  In addition to the usual machine learning criteria, namely accuracy and FPR, a proposed criterion based on the risk of samples has also been used for comparison.
  The results show that the deep learning approach performed better in detecting malware.
  arXiv Detail & Related papers (2022-04-04T17:56:55Z)
- Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
  We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
  We present an adversarial training strategy that mitigates the impact of such simulated attacks.
  arXiv Detail & Related papers (2022-03-25T19:57:19Z)
- Learning continuous models for continuous physics [94.42705784823997]
  We develop a test based on numerical analysis theory to validate machine learning models for science and engineering applications.
  Our results illustrate how principled numerical analysis methods can be coupled with existing ML training/testing methodologies to validate models for science and engineering applications.
  arXiv Detail & Related papers (2022-02-17T07:56:46Z)
- ML-based IoT Malware Detection Under Adversarial Settings: A Systematic Evaluation [9.143713488498513]
  This work systematically examines the state-of-the-art malware detection approaches that utilize various representation and learning techniques.
  We show that software mutations with functionality-preserving operations, such as stripping and padding, significantly deteriorate the accuracy of such detectors.
  arXiv Detail & Related papers (2021-08-30T16:54:07Z)