Malware Detection Issues, Challenges, and Future Directions: A Survey
<blockquote data-quote="struppigel" data-source="post: 1001659" data-attributes="member: 86910">
<p>Ah, I was only talking about research tailored towards malware detection, because those are the ones that make use of malware detection taxonomies.</p>
<p>I agree with you that the advances in machine learning in general help us.</p>
<p>Regarding: "it uses unified language and formalism so people can compare, repeat, and confirm the results"</p>
<p>They should do that, but in IT security, terminology is a mess and every paper uses other definitions, especially for the terms we are talking about here.</p>
<p>I was not suggesting to avoid those terms. They just do not relate to each other in the way this taxonomy wants to make us believe, as in they are not types or boxes you can put detection mechanisms into. Instead they are characteristics that detection mechanisms can have.</p>
<p>Didn't you just say there is unified language?</p>
<p>Opcode is not behavior, even if created by behavior. If that were the logic, then all files would be behavior too, because they are created by file creation behavior. Where does it end?</p>
<p>I think we can agree that a behavior-based detection mechanism must be related to behavior in some way. However, that is not the case with opcode in memory, because it can just be there without ever being executed. To detect the opcode in memory, it is completely irrelevant what the malware did prior to putting it there. In most cases it will be the Windows loader that put it in memory and not the malware.</p>
<p>Dynamic extraction of data does not mean behavior either. The word for that is already there: dynamic.</p>
</blockquote>