Malware Detection Issues, Challenges, and Future Directions: A Survey
Andy Ful wrote (post 1001652):

That is right, the practice and research often go in parallel. But scientific research does not look the way you think. The very important thing is that it uses unified language and formalism so people can compare, repeat, and confirm the results (AV vendors avoid such things). Exploring the wrong paths is as important as the rare success events. The AV vendors hire people who have experience in Machine Learning, Big Data, AI, etc. Most of them read similar articles to keep track of new research. They are similar to engineers and inventors who are able to apply in practice the research in physics, chemistry, electronics, etc.

There are many examples related to Machine Learning and AI. The theoretical models adopted by AV vendors were discovered and researched many years ago. Most techniques were used in medicine, speech recognition, computer vision, computer gaming, data mining, etc. People who work for AV vendors often use the known tools used generally in Machine Learning (usually written in Python).

Yes, keeping quiet is for the benefit of AV vendors, but not always for the benefit of customers. Anyway, the same is true for scientific research.

That was my intention and the intention of the authors of this article. But it would be hard to avoid these terms because most people use them (heuristic/behaviour/signature). These terms are very popular among researchers, so using something else would make the article even harder to understand. So, the authors show only that heuristic/behaviour/signature, and probably some others, should be treated together as a unified approach.

Let's leave the final decision to the researchers. They like reviews for some reason, and most reviews must mix up the terms and look complicated. :)

This can depend on the definition of signature and behavior. These terms are not precisely defined. Many people think about the signature as something related to static detection. But in many cases, the code of the malware file on disk is different from the final code executed in memory. In such cases, the code in memory can depend on the behavior. The malware can initially load the code into memory and then modify some parts of it when running. The detection can include both behavior and the opcode created by this behavior. Of course, in many cases, these things can also be separated.
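The last paragraph of the post above describes code that differs on disk from what finally runs in memory, and a detection that pairs the unpacking behaviour with the opcode bytes that behaviour produces. The following Python is an added example written for this page, not code from the post, the paper it discusses, or any AV vendor. It simulates a constructed "file format" (one key byte followed by an XOR-obfuscated body), a loader that lets the sample rewrite its own body in memory, and three verdicts: a static signature scan of the disk bytes, a scan of the memory image, and a combined rule that requires both the self-modification event and the signature in memory. The signature bytes, the file format, and the rule names are all assumptions made for the example.

```python
"""Added example (not from the forum post): a static signature on the on-disk
bytes versus the same signature checked on the unpacked memory image, optionally
tied to the self-modification behaviour that produced it.

Everything here is constructed for illustration: the "file format", the XOR
packing, the signature bytes and the event names are hypothetical, not real
malware, real vendor signatures or a real scanner."""

from dataclasses import dataclass, field
from typing import List, Tuple

# Hypothetical signature: the byte sequence a static scanner looks for.
PAYLOAD_SIG = bytes.fromhex("deadbeefcafebabe")


def pack(payload: bytes, key: int) -> bytes:
    """Build a constructed on-disk file: one key byte, then payload XOR key.

    A key of 0 means "not packed": the body is stored as-is and the sample
    will not modify itself at run time.
    """
    return bytes([key]) + bytes(b ^ key for b in payload)


@dataclass
class MemoryImage:
    """What the sample looks like after loading, plus the behaviour we observed."""
    data: bytearray
    events: List[str] = field(default_factory=list)


def run_sample(disk_bytes: bytes) -> MemoryImage:
    """Simulate loading the file and letting it unpack itself in memory.

    The interesting behaviour is the sample overwriting its own body; the
    bytes that exist only after that step are what a disk-only scan misses.
    """
    img = MemoryImage(bytearray(disk_bytes))
    img.events.append("load")
    key = img.data[0]
    if key != 0:
        # The behaviour: the sample rewrites its own code region in memory.
        img.events.append("self_modify")
        img.data[1:] = bytes(b ^ key for b in img.data[1:])
    return img


def static_scan(disk_bytes: bytes, sig: bytes = PAYLOAD_SIG) -> bool:
    """Classic static signature check on the file as stored on disk."""
    return sig in disk_bytes


def memory_scan(img: MemoryImage, sig: bytes = PAYLOAD_SIG) -> bool:
    """Same signature, but applied to the code that actually ended up in memory."""
    return sig in img.data


def combined_verdict(disk_bytes: bytes) -> Tuple[bool, bool, bool]:
    """Return (static_hit, memory_hit, behaviour_plus_opcode_hit).

    The third verdict is the rule the post describes: it fires only when the
    self-modification behaviour was observed AND the opcode bytes it produced
    match the signature, so a plain unpacked file or a benign packer alone
    does not trigger it.
    """
    static_hit = static_scan(disk_bytes)
    img = run_sample(disk_bytes)
    mem_hit = memory_scan(img)
    behaviour_and_opcode = "self_modify" in img.events and mem_hit
    return static_hit, mem_hit, behaviour_and_opcode


if __name__ == "__main__":
    # Constructed samples: a packed copy of the signature, an unpacked copy,
    # and a packed benign blob that never produces the signature.
    packed_malicious = pack(b"\x90\x90" + PAYLOAD_SIG + b"\xc3", 0x5A)
    plain_malicious = pack(b"\x90" + PAYLOAD_SIG, 0)
    packed_benign = pack(b"hello world", 0x21)
    for name, sample in [("packed", packed_malicious),
                         ("plain", plain_malicious),
                         ("benign", packed_benign)]:
        print(name, combined_verdict(sample))
```

The packed sample is the case the post is about: the disk bytes never contain the signature, so only the memory scan, and with it the behaviour-plus-opcode rule, sees it. The unpacked sample shows the "separated" case the post also mentions: the static scan is enough and no self-modification is observed. The benign packer self-modifies but never produces the signature, which is why the combined rule keys on both signals rather than on the behaviour alone.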