Malware Detection
(Language: English)
Product details
Product information on "Malware Detection"
Blurb for "Malware Detection"
In the present work the behavior of malicious software is studied, the security challenges are examined, and an attempt is made to detect malware behavior automatically using a dynamic approach. Various classification techniques are studied. Malware samples are then grouped according to these techniques, and malware with unknown characteristics is clustered into an unknown group. The classifiers used in this research are k-Nearest Neighbors (kNN), J48 Decision Tree, and n-grams.
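As an added illustration of the approach the blurb describes (not code from the book), the following combines dynamic behavior traces, n-gram features, kNN and an "unknown" group: a sample whose nearest labelled neighbor is still far away is not forced into a known family. The API-call traces, family labels and the distance threshold are constructed for the demonstration.

```python
# Added example: n-gram behaviour profiles + kNN with an "unknown" group.
# Traces, labels and thresholds are constructed, not taken from the book.
from collections import Counter

def ngrams(trace, n=2):
    """Set of n-grams of consecutive calls in a dynamic execution trace."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}

def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|: 0 for identical profiles, 1 for disjoint ones."""
    union = a | b
    return (1.0 - len(a & b) / len(union)) if union else 0.0

# Constructed training traces: API call sequences recorded while running
# samples of two (hypothetical) families in a sandbox.
TRAINING = [
    (["CreateFile", "WriteFile", "RegSetValue", "CreateProcess"], "dropper"),
    (["CreateFile", "WriteFile", "RegSetValue", "CreateProcess", "Sleep"], "dropper"),
    (["CreateFile", "WriteFile", "RegSetValue", "CreateProcess", "ExitProcess"], "dropper"),
    (["connect", "send", "recv", "Sleep", "connect", "send", "recv"], "bot"),
    (["connect", "send", "recv", "Sleep", "connect", "send"], "bot"),
    (["connect", "recv", "send", "Sleep", "connect", "send", "recv"], "bot"),
]
TRAINING_PROFILES = [(ngrams(trace), label) for trace, label in TRAINING]

def knn_classify(trace, profiles=TRAINING_PROFILES, k=3, unknown_threshold=0.8):
    """Majority label among the k nearest profiles; 'unknown' when even the
    nearest labelled sample is farther away than unknown_threshold."""
    profile = ngrams(trace)
    ranked = sorted((jaccard_distance(profile, p), label) for p, label in profiles)
    if ranked[0][0] > unknown_threshold:
        return "unknown"          # clustered into the unknown group
    votes = Counter(label for _, label in ranked[:k])
    return votes.most_common(1)[0][0]

if __name__ == "__main__":
    print(knn_classify(["CreateFile", "WriteFile", "RegSetValue", "CreateProcess", "Sleep"]))
    print(knn_classify(["connect", "send", "recv", "Sleep", "connect"]))
    print(knn_classify(["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"]))
```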
Reading sample from "Malware Detection"
Text sample: Chapter 1.5 Malware Detection Techniques
1.5.1 Signature Based Detection
Signature-based detection is a simple and the most commonly used technique in antivirus software. It is popular because of its accurate detection, simplicity and speed. In signature-based detection, the scanner scans each executable and looks for a specific string or pattern of bits (the signature). Antivirus software has a database of signatures for different viruses; by comparing signatures, it detects the virus. The disadvantage is that only known malware can be detected: if the signature is not known, the malware cannot be detected, so the signature file must be kept up to date. By using simple code obfuscation techniques, malware can easily evade signature-based detection.
1.5.2 Anomaly Based Detection
The problem signature-based detection has with new malware can be overcome using anomaly-based detection. Heuristic methods are implemented to detect anomalous behavior. This technique comprises two phases, the training phase and the detection phase. In the training phase, the model is trained on normal behavior; anything other than normal behavior is then considered malicious. However, this technique can produce more false positives.
1.5.3 Heuristic Analysis or Pro-Active Defense
Heuristic scanning is similar to signature scanning, except that instead of looking for specific signatures, it looks for certain instructions or commands within a program that are not found in typical application programs. As a result, a heuristic engine is able to detect potentially malicious functionality in new, previously unexamined programs, such as the replication mechanism of a virus, the distribution routine of a worm or the payload of a Trojan.
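The two phases of anomaly-based detection from section 1.5.2, and the false-positive caveat it ends with, as an added example that is not part of the book: the training phase records which (operation, target) behaviours clean programs exhibit, and the detection phase flags a trace whose share of never-seen behaviours crosses a threshold. The traces, target classes and threshold are constructed; the benign installer is deliberately absent from training to show how an under-trained normal model produces a false positive.

```python
# Added example: anomaly-based detection with a training and a detection
# phase. All traces are constructed (operation, target-class) pairs.

def train_normal_model(normal_traces):
    """Training phase: the set of behaviours observed in clean executions."""
    return {event for trace in normal_traces for event in trace}

def anomaly_score(trace, model):
    """Fraction of a trace's distinct behaviours never seen during training."""
    events = set(trace)
    if not events:
        return 0.0
    return len(events - model) / len(events)

def detect(trace, model, threshold=0.3):
    """Detection phase: behaviour outside the normal model is 'malicious'."""
    return "malicious" if anomaly_score(trace, model) > threshold else "normal"

# Constructed traces from benign runs (a document editor, a browser, a game).
NORMAL_TRACES = [
    [("file_read", "user_docs"), ("file_write", "user_docs"), ("net_connect", "https")],
    [("file_read", "user_docs"), ("reg_read", "hkcu_software"), ("net_connect", "https")],
    [("file_read", "program_files"), ("file_write", "user_temp"), ("reg_read", "hkcu_software")],
]
NORMAL_MODEL = train_normal_model(NORMAL_TRACES)

# Constructed trace with persistence and system-directory writes: true positive.
SUSPECT = [("reg_write", "hklm_run"), ("file_write", "system32"),
           ("file_write", "user_docs"), ("proc_create", "cmd")]
# Constructed trace of a benign installer: its writes were never trained on,
# so the model flags it. This is the false positive the technique is prone to.
INSTALLER = [("file_write", "program_files"), ("reg_write", "hklm_software"),
             ("file_read", "user_temp")]
# Constructed trace whose every behaviour was seen in training.
EDITOR = [("file_read", "user_docs"), ("file_write", "user_docs")]

if __name__ == "__main__":
    for name, trace in [("suspect", SUSPECT), ("installer", INSTALLER), ("editor", EDITOR)]:
        print(name, round(anomaly_score(trace, NORMAL_MODEL), 2), detect(trace, NORMAL_MODEL))
    # Retraining with the installer's behaviour removes that false positive.
    retrained = train_normal_model(NORMAL_TRACES + [INSTALLER])
    print("installer after retraining:", detect(INSTALLER, retrained))
```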
[...]
3.3 Datasets Used
The author used three datasets: a TrainLable, a test dataset, and a train dataset. The number of malware files and of clean files in these datasets is shown in the first two columns. As stated above, the main goal is to achieve malware detection with only a few (if possible, zero) false positives; hence the number of clean files in this dataset (and also in the scale-up dataset) is much larger than the number of malware files. The data set consists of a malware data set, both in the form of assembly (.asm) and byte (binary) files.
From the entire feature set that the author built for malware detection, 308 binary features were selected for the experiments presented in this work. Files that produce identical values for the selected feature set were counted only once. Note that the number of clean combinations, i.e. combinations of feature values for the clean files in the three datasets, is much smaller than the number of malware combinations. These datasets mix in the clean files of the training database, which are mostly system files (from different versions of operating systems) and executable and library files from various popular applications. The author also uses clean files that are packed or have the same structure or the same geometric similarities as malware files (e.g. use the same packer) in order to better train and test the system.
The malware files in the training dataset have been taken from the Training Data Set. The test dataset contains malware files from the TrainLable collection and clean files from different operating systems (different files than the ones used in the first database). The malware collection in the training and test datasets consists of the Ramnit, Lollipop, Kelihos_ver3, Vundo, Simda, Tracur, Kelihos_ver1, Obfuscator-ACY and Gatak types of malware. The first and third columns represent the percentage of those malware types out of the total number of files in the training and separat
Bibliographic details
- Author: Priyanka Nandal
- 2017, 72 pages, 7 illustrations, dimensions: 15.5 x 22 cm, paperback, English
- Publisher: Anchor Academic Publishing
- ISBN-10: 396067208X
- ISBN-13: 9783960672081