Investigation of Possibilities to Detect Malware Using Existing Tools


ASLAN Ö., SAMET R.

14th IEEE/ACS International Conference on Computer Systems and Applications (AICCSA), Hammamet, Tunisia, 30 October - 03 November 2017, pp.1277-1284

  • Publication Type: Conference Paper / Full-Text Paper
  • DOI Number: 10.1109/aiccsa.2017.24
  • City of Publication: Hammamet
  • Country of Publication: Tunisia
  • Page Numbers: pp.1277-1284
  • Keywords: Malware Analysis, Malware Detection, Static and Dynamic Analysis Tools, Malware Accuracy and Detection Rate
  • Ankara University Affiliated: Yes

Abstract

Malware stands for malicious software, which is installed on a computer system without the knowledge of the system owner. It performs malicious actions such as stealing confidential information and allowing remote code execution, and it can cause denial of service. Recently, malware creators have started to release new malware that can bypass anti-malware software, intrusion detection systems (IDS) and sandbox execution. Because of this evasion, protecting computer networks and computerized systems against such programs has become one of the biggest challenges in the information security realm. This paper proposes a methodology to study the well-known malware analysis and detection tools, to apply these tools to well-known malware and benign programs, and to compare the obtained results. Further, this research suggests to users how to analyze and detect existing and unknown malware. In a test case, 100 malware and 100 benign program samples were collected from different sources and analyzed under different versions of Windows machines. The test results indicated that it is almost impossible to detect malware by using only one tool. Using static and dynamic analysis tools together increased accuracy and the detection rate. The test results also showed that dynamic malware analysis tools outperformed static analysis tools.