Detection techniques of common malware features : a systematic review
Date: 2023
Copyright © The Author(s)
Building accurate and robust malware detectors is essential as malware evolves constantly. In this master's thesis, a systematic literature review of detection techniques for typical malware features was conducted. The most prevalent malware families of recent years were first studied to identify their typical features, the most important of which were API calls and communication with a command-and-control server. A systematic review was then conducted based on the discovered features. 33 articles published between 2018 and 2023 were selected for analysis. All reviewed articles applied behavior-based malware detection, and most of them used machine learning in the model they developed. Based on the analysis, developing accurate and fast detectors is possible with machine learning models, and processing of the detected features can counter some of the evasion tactics used by malware. The study revealed shortcomings in research focusing on optimizing the use of computational resources and on countering analysis-environment evasion.
Building accurate and robust detectors is essential to keep up with constantly evolving malware. In this thesis, a systematic literature review of detection techniques of common malware features was conducted. Prevalent malware families of recent years were first studied to identify their common features, the most important of which were API calls and communication with a Command and Control server. The systematic review was then conducted based on the discovered features. The final analysis included 33 papers published between 2018 and 2023. All reviewed papers applied behavior-based detection, and most of them used machine learning in their proposed model. The papers suggested that building both accurate and fast detectors is possible with machine learning models, and that feature processing techniques can be used to make detectors resistant to some evasive tactics used by malware. The study revealed a lack of research focus on optimizing the use of computational resources and on counteracting sandbox evasion.
Collections: Pro gradu -tutkielmat (Master's theses) [29107]

Related items (items with similar title or keywords):
- Artificial Intelligence for Cybersecurity : A Systematic Mapping of Literature. Wiafe, Isaac; Koranteng, Felix N.; Obeng, Emmanuel N.; Assyne, Nana; Wiafe, Abigail; Gulliver, Stephen R. (IEEE, 2020). Due to the ever-increasing complexities in cybercrimes, there is the need for cybersecurity methods to be more robust and intelligent. This will make defense mechanisms to be capable of making real-time decisions that can ...
- Support Vector Machine Integrated with game-theoretic approach and genetic algorithm for the detection and classification of malware. Zolotukhin, Mikhail; Hämäläinen, Timo (IEEE, 2013). In the modern world, a rapid growth of malicious software production has become one of the most significant threats to the network security. Unfortunately, widespread signature-based anti-malware ...
- A Network-Based Framework for Mobile Threat Detection. Kumar, Sanjay; Viinikainen, Ari; Hämäläinen, Timo (IEEE, 2018). Mobile malware attacks increased three folds in the past few years and continued to expand with the growing number of mobile users. Adversary uses a variety of evasion techniques to avoid detection by traditional systems, ...
- Piecewise anomaly detection using minimal learning machine for hyperspectral images. Raita-Hakola, A.-M.; Pölönen, I. (Copernicus Publications, 2021). Hyperspectral imaging, with its applications, offers promising tools for remote sensing and Earth observation. Recent development has increased the quality of the sensors. At the same time, the prices of the sensors are ...
- How pedagogical agents communicate with students : A two-phase systematic review. Sikström, Pieta; Valentini, Chiara; Sivunen, Anu; Kärkkäinen, Tommi (Elsevier, 2022). Technological advancements have improved the capabilities of pedagogical agents to communicate with students. However, an increased use of pedagogical agents in learning environments calls for a deeper understanding of ...