Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Malware Analysis
Malware Detection Issues, Challenges, and Future Directions: A Survey
Message
<blockquote data-quote="Andy Ful" data-source="post: 1001370" data-attributes="member: 32260"><p>Your post shows the difference between theory and practice.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /></p><p></p><p></p><p>I am not sure if the authors use the term "heuristic" in the same way as you. This term is used by authors only in the context of malware detection made by researchers and it is probably more specific:</p><p></p><p><em>"A heuristic-based approach has been used in various research by generating generic rules that investigate the extracted data, which are given through dynamic or static analysis to support the proposed model of detecting malicious intent. The generated rules can be developed automatically using machine learning techniques, the YARA tool, and other tools or manually based on the experience and knowledge of expert analysts."</em></p><p></p><p>According to this definition, heuristic-based detection is based on static and dynamic data. So, it contains "heuristic signatures", "heuristic behaviors", and "heuristic patterns".</p><p></p><p></p><p>Yes. But this is a review of many articles that just did it. The researchers usually must simplify the reality to compare the results with others. This is similar to other disciplines. For example, in medicine, a surgeon can see a human body very differently compared to a psychiatrist.</p><p>Anyway, the authors agree with you.</p><p></p><p></p><p>It must be so because API calls can be seen independently at different stages (analysis, detection, or feature extraction). For example, another set of API calls can be important when analyzing the unknown malware, compared to API calls used for detecting this malware. The same can be true for signature-based and behavior-based detections. In many cases, the malware can be detected first by behavior (API calls used) when there is no malware signature. Some of these API calls can be also used to create malware signatures.</p><p></p><p></p><p></p><p>This Opcode is taken from the memory when malware is running.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 1001370, member: 32260"] Your post shows the difference between theory and practice.:) I am not sure if the authors use the term "heuristic" in the same way as you. This term is used by authors only in the context of malware detection made by researchers and it is probably more specific: [I]"A heuristic-based approach has been used in various research by generating generic rules that investigate the extracted data, which are given through dynamic or static analysis to support the proposed model of detecting malicious intent. The generated rules can be developed automatically using machine learning techniques, the YARA tool, and other tools or manually based on the experience and knowledge of expert analysts."[/I] According to this definition, heuristic-based detection is based on static and dynamic data. So, it contains "heuristic signatures", "heuristic behaviors", and "heuristic patterns". Yes. But this is a review of many articles that just did it. The researchers usually must simplify the reality to compare the results with others. This is similar to other disciplines. For example, in medicine, a surgeon can see a human body very differently compared to a psychiatrist. Anyway, the authors agree with you. It must be so because API calls can be seen independently at different stages (analysis, detection, or feature extraction). For example, another set of API calls can be important when analyzing the unknown malware, compared to API calls used for detecting this malware. The same can be true for signature-based and behavior-based detections. In many cases, the malware can be detected first by behavior (API calls used) when there is no malware signature. Some of these API calls can be also used to create malware signatures. This Opcode is taken from the memory when malware is running. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
