Malware Detection Issues, Challenges, and Future Directions: A Survey
<blockquote data-quote="struppigel" data-source="post: 1001639" data-attributes="member: 86910"><p>Not really because most of the research has become so detached from reality, it lacks practicability. Especially for AI research I mostly see things that are not usable, suffer from base rate fallacy when evaluating their results, do not take into account a reasonable false positive rate, have an unacceptable performance and try to be a one-in-all solution which never works.</p><p></p><p>Most of the time AV vendors invent their own techniques but then sadly have to keep shut about how it works to not benefit the criminals nor the competitors (I am a huge fan of sharing knowledge but it does not work for participants in capitalism).</p><p></p><p></p><p>Your explanation is a great summary of why the distinction into heuristic/behaviour/signature does not work.</p><p>It would be the same as dividing people into these categories: </p><ul> <li data-xf-list-type="ul">naked people</li> <li data-xf-list-type="ul">people over 40</li> <li data-xf-list-type="ul">people that are medical doctors</li> </ul><p>And then you encounter a 45 year old naked medical doctor and suddenly realize, oh wow, I need subcategories for medical doctors, which are naked and over 40</p><p>And I need subcategories for the naked people as well, which are medical doctors and over 40.</p><p>And I need subcategories for the over 40 year olds, which are medical doctors and naked.</p><p></p><p>And, oh my, here I have a person with clothing who is only 10 and not a medical doctor, what a surprise. Let us just add this as subcategory to the medical doctors, even though it does not fit entirely, because why not. So here is medical doctors subcategory "not actually a medical doctor, but clothed and below 40 years old"</p><p></p><p>I totally understand how the authors came to create this graph, since they summarize a lot of papers in one. 
But it does not make sense nor help anyone to mix up the terms of other papers this way except for showing that this makes stuff very complicated. I bet each of these papers has a different understanding of what the different terms mean, so mixing them does not work. Plus many just parrot the nonsensical stuff you can read everywhere else and for some reason hasn't gotten any sanity check (by which I mean the nonsensical distinction of heuristic/signature/behaviour)</p><p></p><p></p><p>Yes, it works well for your intentions and it was not a criticism towards you posting this. On the contrary, I kinda enjoyed reading it.</p><p></p><p>I still wanted to point out for anyone who is actually trying to understand this, that this needs to be taken with a grain of salt. </p><p></p><p></p><p>It is not behaviour then. The data is obtained dynamically and the scan is done after execution, but the signature is still based on a pattern and not related to any behaviour of the sample.</p></blockquote><p></p>