article

Automatic analysis of malware behavior using machine learning

Authors:

Konrad Rieck,

Philipp Trinius,

Carsten Willems,

Thorsten Holz_aff2n3Authors Info & Claims

Journal of Computer Security, Volume 19, Issue 4

Pages 639 - 668

Published: 01 December 2011 Publication History

Abstract

Malicious software - so called malware - poses a major threat to the security of computer systems. The amount and diversity of its variants render classic security defenses ineffective, such that millions of hosts in the Internet are infected with malware in the form of computer viruses, Internet worms and Trojan horses. While obfuscation and polymorphism employed by malware largely impede detection at file level, the dynamic analysis of malware binaries during run-time provides an instrument for characterizing and defending against the threat of malicious software.

In this article, we propose a framework for the automatic analysis of malware behavior using machine learning. The framework allows for automatically identifying novel classes of malware with similar behavior (clustering) and assigning unknown malware to these discovered classes (classification). Based on both, clustering and classification, we propose an incremental approach for behavior-based analysis, capable of processing the behavior of thousands of malware binaries on a daily basis. The incremental analysis significantly reduces the run-time overhead of current analysis methods, while providing accurate discovery and discrimination of novel malware variants.

Cited By

View all

Amira ADerhab AKarbab ENouali O(2023)A Survey of Malware Analysis Using Community Detection AlgorithmsACM Computing Surveys10.1145/361022356:2(1-29)Online publication date: 15-Sep-2023
https://dl.acm.org/doi/10.1145/3610223
Hong SSeo HYoon M(2023)Data Auditing for Intelligent Network Security MonitoringIEEE Communications Magazine10.1109/MCOM.003.220004661:3(74-79)Online publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1109/MCOM.003.2200046
Du JRaza SAhmad MAlam IDar SHabib M(2022)Digital Forensics as Advanced Ransomware Pre-Attack Detection Algorithm for Endpoint Data ProtectionSecurity and Communication Networks10.1155/2022/14246382022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1424638
Show More Cited By

Automatic analysis of malware behavior using machine learning
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Unsupervised learning

Recommendations

Machine Learning and Images for Malware Detection and Classification
PCI '17: Proceedings of the 21st Pan-Hellenic Conference on Informatics

Detecting malicious code with exact match on collected datasets is becoming a large-scale identification problem due to the existence of new malware variants. Being able to promptly and accurately identify new attacks enables security experts to respond ...
Crytojacking Classification based on Machine Learning Algorithm
ICCBN '20: Proceedings of the 2020 8th International Conference on Communications and Broadband Networking

The rise of cryptocurrency has resulted in a number of concerns. A new threat known as cryptojacking" has entered the picture where cryptojacking malware is the trend for future cyber criminals, who infect computers, install cryptocurrency miners, and ...
Malicious sequential pattern mining for automatic malware detection

An effective framework using sequence mining technique is proposed for automatic malware detection.An efficient sequential pattern mining algorithm for discovering discriminative patterns between malware and benign samples.A new nearest neighbor ...

Comments

Information & Contributors

Information

Published In

cover image Journal of Computer Security

Journal of Computer Security Volume 19, Issue 4

December 2011

156 pages

ISSN:0926-227X

Issue’s Table of Contents

Publisher

IOS Press

Netherlands

Publication History

Published: 01 December 2011

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

99
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Amira ADerhab AKarbab ENouali O(2023)A Survey of Malware Analysis Using Community Detection AlgorithmsACM Computing Surveys10.1145/361022356:2(1-29)Online publication date: 15-Sep-2023
https://dl.acm.org/doi/10.1145/3610223
Hong SSeo HYoon M(2023)Data Auditing for Intelligent Network Security MonitoringIEEE Communications Magazine10.1109/MCOM.003.220004661:3(74-79)Online publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1109/MCOM.003.2200046
Du JRaza SAhmad MAlam IDar SHabib M(2022)Digital Forensics as Advanced Ransomware Pre-Attack Detection Algorithm for Endpoint Data ProtectionSecurity and Communication Networks10.1155/2022/14246382022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1424638
Labrèche FMariconti EStringhini G(2022)Shedding Light on the Targeted Victim Profiles of Malicious DownloadersProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3544435(1-10)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3544435
Song WLi XAfroz SGarg DKuznetsov DYin HSuga YSakurai KDing XSako K(2022)MAB-MalwareProceedings of the 2022 ACM on Asia Conference on Computer and Communications Security10.1145/3488932.3497768(990-1003)Online publication date: 30-May-2022
https://dl.acm.org/doi/10.1145/3488932.3497768
Bowman BHuang H(2021)Towards Next-Generation Cybersecurity with Graph AIACM SIGOPS Operating Systems Review10.1145/3469379.346938655:1(61-67)Online publication date: 6-Jun-2021
https://dl.acm.org/doi/10.1145/3469379.3469386
Puodzius CZendra OHeuser ANoureddine L(2021)Accurate and Robust Malware Analysis through Similarity of External Calls Dependency Graphs (ECDG)Proceedings of the 16th International Conference on Availability, Reliability and Security10.1145/3465481.3470115(1-12)Online publication date: 17-Aug-2021
https://dl.acm.org/doi/10.1145/3465481.3470115
Rosenberg IShabtai AElovici YRokach L(2021)Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security DomainACM Computing Surveys10.1145/345315854:5(1-36)Online publication date: 25-May-2021
https://dl.acm.org/doi/10.1145/3453158
Mohammed TNataraj LChikkagoudar SChandrasekaran SManjunath B(2021)HAPSSA: Holistic Approach to PDF malware detection using Signal and Statistical AnalysisMILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM52596.2021.9653097(709-714)Online publication date: 29-Nov-2021
https://dl.acm.org/doi/10.1109/MILCOM52596.2021.9653097
Rabadi DTeo S(2020)Advanced Windows Methods on Malware Detection and ClassificationProceedings of the 36th Annual Computer Security Applications Conference10.1145/3427228.3427242(54-68)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1145/3427228.3427242
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Machine Learning and Images for Malware Detection and Classification

Crytojacking Classification based on Machine Learning Algorithm

Malicious sequential pattern mining for automatic malware detection

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations