A static heuristic approach to detecting malware targets
Nowadays malware writers usually employ several obfuscation techniques to evade detection. The number of variants detected each day has been increasing significantly. Unfortunately traditional detection approaches such as signature scanning are becoming inefficient to detect such malwares. Researche...
Published in: | Security and communication networks 2015-11, Vol.8 (17), p.3015-3027 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Keywords: | |
Online access: | Full text |
container_end_page | 3027 |
---|---|
container_issue | 17 |
container_start_page | 3015 |
container_title | Security and communication networks |
container_volume | 8 |
creator | Zakeri, Mohaddeseh Faraji Daneshgar, Fatemeh Abbaspour, Maghsoud |
description | Nowadays malware writers usually employ several obfuscation techniques to evade detection. The number of variants detected each day has been increasing significantly. Unfortunately traditional detection approaches such as signature scanning are becoming inefficient to detect such malwares. Researches show that these obfuscations make some anomalies in Portable Executable files. In this paper, by focusing on important static heuristic features and fuzzy classification algorithms, we tried to detect malwares and packed files. In addition, we used preprocessing to evade anomaly exceptions in benign files that improved our detection results. The experimental results, using over 63 000 file samples, indicate that the proposed detector achieves high detection results with low false positive and false negative rates. Furthermore, our experimental results on new malware samples that had been undetectable for many years by antivirus products and new custom packers, show that our system works well with new and unknown samples too. Copyright © 2015 John Wiley & Sons, Ltd.
In this paper, by focusing on important static heuristic features and fuzzy classification algorithms, we tried to detect malwares and packed files. In addition, we used preprocessing to evade anomalies exception in benign files that improved our detection. |
doi_str_mv | 10.1002/sec.1228 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 1939-0114 |
ispartof | Security and communication networks, 2015-11, Vol.8 (17), p.3015-3027 |
issn | 1939-0114 1939-0122 |
language | eng |
recordid | cdi_proquest_miscellaneous_1770309170 |
source | Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; Alma/SFX Local Collection |
subjects | Algorithms Anomalies Classification Fuzzy Fuzzy set theory Heuristic machine learning Malware malware detection obfuscation techniques packer PE file header Preprocessing |
title | A static heuristic approach to detecting malware targets |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T09%3A42%3A32IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_wiley&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20static%20heuristic%20approach%20to%20detecting%20malware%20targets&rft.jtitle=Security%20and%20communication%20networks&rft.au=Zakeri,%20Mohaddeseh&rft.date=2015-11-25&rft.volume=8&rft.issue=17&rft.spage=3015&rft.epage=3027&rft.pages=3015-3027&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1002/sec.1228&rft_dat=%3Cproquest_wiley%3E1770309170%3C/proquest_wiley%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1726657817&rft_id=info:pmid/&rfr_iscdi=true |