ANALYSIS OF MALWARE DETECTION TECHNIQUES



CHAPTER ONE

1.1 INTRODUCTION

Malware, short for malicious software, has become a worldwide epidemic in the information and communication technology world. Advances in technology have been misused by malicious actors to develop more dangerous and sophisticated malicious software; hence the number of computer systems attacked daily is increasing and the impact of malware is worsening by the day. There is a shift from conventional malware to advanced malware, and the rise of advanced malware is reshaping the threat landscape and compelling computer security experts and researchers to reassess their approaches. This has led to an arms race between malware developers and anti-malware developers.

An important task in cybersecurity today is protecting computer systems and resources against malware, regardless of how the computer system is used, because a single attack can compromise data and cause substantial losses. Such widespread attacks and losses underline the core need for accurate and timely detection approaches. For malware to be detected, there must be comprehensive and extensive analysis of data, both on the internet and elsewhere. This analysis classifies data into normal data and malicious data; the malicious data is what we call malware.

Computer security and cybersecurity experts are confronted with a greater challenge today than in past years because of the growth in the use of the internet and networks. Malware is developed for harmful reasons: either to destroy computer resources or to breach data integrity. Some malware is created not for destruction or breach purposes but with a financial intention, that is, to make money; adware and ransomware are examples of this kind of malware. There are three techniques for malware detection, namely signature based, behaviour based and heuristic. Traditionally, malware detection has been done using the signature based technique, but not all malware can be detected using signature based and behaviour based techniques (Zahra et al., 2013; Saja and Omar, 2016; Allan, 2016). Advanced malware, such as polymorphic and metamorphic malware, is responsible for advanced persistent threats (APTs) and is good at bypassing signature based and behaviour based anti-malware programs. The downsides of the signature and behaviour based detection techniques led researchers to develop another technique for malware detection, which uses either machine learning algorithms or data mining algorithms to detect malware; this technique is called heuristics. Heuristic malware detection overcomes the downsides of both signature based and behaviour based detection, but it comes with its own downside: a high rate of false positives.

The essence of this paper is to compare these three malware detection techniques in order to isolate their strengths and weaknesses, and to suggest a way forward for mitigating the threats prevalent in our cyberspace.
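To make the trade-off described above concrete, the following Python script (added here as an illustration; it is not part of the original paper and uses constructed, harmless byte strings rather than real samples) runs a toy signature matcher and a toy heuristic scorer over four samples: the re-encrypted polymorphic variant slips past the signatures but is caught by the heuristic, while the packed benign program shows the heuristic's false positive.

```python
import hashlib

# Constructed samples (not real malware): a fake executable header followed by a "body".
HEADER = b"MZ\x90\x00"
MALICIOUS_BODY = b"VirtualAllocEx;WriteProcessMemory;CreateRemoteThread;http://c2.invalid/beacon"
BENIGN_BODY = b"GetSystemTime;CreateFileW;ReadFile;WriteFile;CloseHandle;Hello World"

def keystream(seed: int, n: int) -> bytes:
    """Rolling XOR key with bit 7 always set, so each encrypted ASCII byte ends up >= 0x80 (unprintable)."""
    return bytes(0x80 | ((seed + 7 * i) & 0x7F) for i in range(n))

def encrypt_body(body: bytes, seed: int) -> bytes:
    """Stands in for a polymorphic engine or packer re-encrypting the same payload under a new key."""
    return bytes(b ^ k for b, k in zip(body, keystream(seed, len(body))))

KNOWN_MALWARE = HEADER + MALICIOUS_BODY                        # sample the vendor has already catalogued
VARIANT = HEADER + encrypt_body(MALICIOUS_BODY, seed=0x11)     # same payload re-encrypted: new hash, no plain strings
BENIGN = HEADER + BENIGN_BODY                                  # ordinary program
BENIGN_PACKED = HEADER + encrypt_body(BENIGN_BODY, seed=0x42)  # legitimate program that was packed
SAMPLES = {"known_malware": KNOWN_MALWARE, "variant": VARIANT,
           "benign": BENIGN, "benign_packed": BENIGN_PACKED}

# Signature database: a hash and byte patterns taken from the sample seen so far.
SIG_HASHES = {hashlib.sha256(KNOWN_MALWARE).hexdigest()}
SIG_PATTERNS = [b"CreateRemoteThread", b"c2.invalid"]
def signature_scan(sample: bytes) -> bool:
    """Signature-based detection: exact hash or byte-pattern match, nothing else."""
    if hashlib.sha256(sample).hexdigest() in SIG_HASHES:
        return True
    return any(pattern in sample for pattern in SIG_PATTERNS)

# Heuristic detection: score static features instead of looking for exact matches.
SUSPICIOUS_APIS = [b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread"]
def printable_ratio(data: bytes) -> float:
    return sum(0x20 <= b < 0x7F for b in data) / len(data) if data else 1.0

def heuristic_score(sample: bytes) -> int:
    body = sample[len(HEADER):]
    score = sum(api in body for api in SUSPICIOUS_APIS)  # injection-style API names in the clear
    if printable_ratio(body) < 0.3:                      # almost no readable text: encrypted or packed body
        score += 2
    return score

def heuristic_scan(sample: bytes, threshold: int = 2) -> bool:
    return heuristic_score(sample) >= threshold

if __name__ == "__main__":
    for name, s in SAMPLES.items():
        print(f"{name:14s} signature={str(signature_scan(s)):5s} heuristic={heuristic_scan(s)}")
```

The variant and the packed benign program get the same heuristic score, which is exactly why a heuristic engine needs a second stage (behavioural confirmation or analyst review) before it blocks a file.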

 

1.2 BACKGROUND OF THE STUDY

With the escalating growth of communication and information systems, a new term invaded the digital world: malware. It is a general term that stands for malicious software and takes many shapes (code, scripts, active content and others). It is designed to achieve targets such as collecting sensitive data, accessing private computer systems and sometimes even harming the systems. Malware can reach systems in different ways and through multiple media; the most common way is downloading from the internet. Once the malware finds its way onto a system, the drama begins, depending on the functions of the malware. In some cases the malware will not harm the system outright but instead degrades its performance and creates overload; in the case of spying, the malware hides itself in the system, where it is not detected by the anti-virus software, and sends critical information about the computer back to its source. Given these challenges, it is critical to carry out an in-depth analysis to understand malware for a better chance of detection and removal. This paper is organized as follows: Section two covers the recent state of malware security and threats, drawing on results from different journals. Section three discusses the types of malware, and section four presents malware analysis techniques. Section five studies the propagation of malware in different applications and environments, and finally section six explains malware detection techniques.

Nowadays the malware threats assessed by IT security organizations have been growing by more than ten thousand every day. The Symantec Internet Security Threat Report (2011) reveals that the total number of unique malware variants in the world in 2011 was around 403 million, compared to 286 million variants in 2010. The use of many evasion techniques, such as self-defending code, packing, anti-debugging and anti-virtualization, has caused problems on computer networks, in particular bottlenecks in the network and an increased criminal threat to corporate and individual data. The most challenging issue for antivirus organizations and researchers is the threat that occurs in computer applications because of an unknown vulnerability, known as a zero-day attack; such an attack takes advantage of an application that has a security vulnerability. Thus this research endeavours to discover the best solution by conducting malware analysis. Malware analysis can be conducted in many environments or platforms, such as virtual machine environments (Virtual PC, VMware and QEMU), online analysis tools such as sandboxes, or the traditional way of using a real machine in a secure environment. Choosing the right malware analysis environment is very important to ensure that the analysis yields accurate information about the malware threat.

The problem to be examined involves the high spreading rate of computer malware (viruses, worms, Trojan horses, rootkits, botnets, backdoors and other malicious software) and the failure of conventional signature-matching antivirus systems to detect polymorphic and new, previously unseen malicious executables. Malware spreads all over the world through the Internet and increases day by day, thus becoming a serious threat. Manual heuristic inspection in static malware analysis is no longer considered effective or efficient against the high spreading rate of malware.

Nevertheless, researchers are trying to develop various alternative approaches to combating and detecting malware. One proposed approach (solution) is to use automatic dynamic (behaviour) malware analysis combined with data mining tasks, such as machine learning (classification) techniques, to achieve effectiveness and efficiency in detecting malware.

1.2 OBJECTIVE OF THE STUDY

The main objective of carrying out malware analysis is to gain an understanding of the mode of operation of a given piece of malware in order to come up with an appropriate defence that protects all vulnerable systems.

1.3 STATEMENT OF PROBLEM

Many studies, surveys, experiments, brainstorming sessions, statistical analyses and modelling methods have been carried out to gain deeper knowledge and valuable information about malware, because attackers are continually developing their abilities, attacking skills and techniques in order to make the tracking and detection processes difficult and to pose new challenges to inspectors. Yet all these studies and works are not sufficient to cover the rapid evolution of malware. To our understanding, Virus Bulletin (1988) was the first journal dedicated to the study of malware, whereas now there are many journals dedicated to security issues, especially malware issues. This paper is presented to gain an understanding of the various issues related to malware. We have used many resources in the form of different papers and journals; the details of the resources we used are given in the data collection part.

1.4 SIGNIFICANCE OF THE STUDY

The need exists to better understand malware by performing malware analysis. This work is primarily left to the antivirus vendors. However, the details of how malware behaves are often kept hidden, primarily because exposing the details of the code could give others hints on how to start from and improve that code for future malware. This is, of course, already happening in the malware development community.

1.5 SCOPE OF THE STUDY

Malware has the capability to hide itself and even manipulate the registry keys available on the system, so a proper environment or lab is required in order to observe those changes. Creating a proper lab for analysing malware is very important for understanding its behaviour. We will use VMware Workstation or Oracle VirtualBox to create a lab that has a certain set of operating systems, basic forensic tools, a local network connection and snapshot availability. The ability to manipulate network settings so that our lab does not affect our actual network is very important. Basic use of the Wireshark network monitoring packet sniffer shows how malware tries to infect other systems present in the network. At the end we will discuss countermeasures and certain steps to take while performing dynamic malware analysis. Incident response, basic forensics, malware discovery and basic reverse engineering will benefit from this research paper.

1.6 METHODOLOGY

The method we followed to collect data was based on reviewing and analysing journals. We then gathered similar topics and ideas and grouped them into a specific structure as required; for instance, we categorized all topics related to malware and its propagation in different networks and environments, such as LANs, Bluetooth and wireless networks, under one main category called malware propagation. Another category is malware detection techniques, where we gathered all techniques such as anomaly-based detection, specification-based detection and signature-based detection. We applied this method to the remaining topics covered in our resources, and categorized all topics that do not belong to any main category under a separate category named Other.

During the categorization process some topics fitted into more than one category, while other topics did not overlap. Some of the overlapping topics were placed in the category called Other. Virtualization, for example, was categorized once as a malware detection technique and once as an environment for malware propagation; going deeply into the details of the keywords and abstracts of the virtualization papers gave us a clear picture of how to categorize it in the right manner. So we simply took the keywords and abstract of a paper as the basis of the categorization process and, if it was still unclear, we examined the discussion and conclusion sections to differentiate the topics.

1.7 LIMITATIONS OF THE STUDY

The publications related to this paper are more common in university libraries than in the offices of chief security officers and companies specialized in information security services, such as Norton and McAfee. Another point concerning the publications of this study is that they are distributed across many topics related to malware, which does not help in digging deep enough for solutions and defence mechanisms against malware attacks. It may help to clarify the picture of malware issues, but it is not enough for enhancement and additional contributions. The authors looked at malware from different angles and viewpoints, which is valuable, but may confuse readers. On the other hand, the statistics provided and details analysed are also too few to adequately sustain significant research value. Since most of the papers are too specific in their corresponding research field and purpose, it is difficult to generalize the specimens into statistical data with high accuracy. We have also realized that most papers are from IEEE publications, and we acknowledge this as a limitation on the availability of related research publications from other sources.

1.8 DEFINITION OF TERMS

1. Malware: Malware, or malicious software, is any program or file that is harmful to a computer user. Types of malware include computer viruses, worms, Trojan horses and spyware.

2. Cybersecurity: Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security; both are used by enterprises to protect against unauthorized access to data centres and other computerized systems.

3. Hacking: Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is unauthorised access to or control over computer network security systems for some illicit purpose. To better describe hacking, one needs first to understand hackers.

4. Heuristics: A heuristic technique, or a heuristic for short, is any approach to problem solving or self-discovery that employs a practical method that is not guaranteed to be optimal, perfect or rational, but which is nevertheless sufficient for reaching an immediate, short-term goal.

5. Software: Computer software, or simply software, is a collection of data or computer instructions that tell the computer how to work. This is in contrast to physical hardware, from which the system is built and which actually performs the work.


