Dynamic Malware Analysis and Detection in Virtual Environment

Full Text (PDF, 528KB), PP.48-55


Akshatha Sujyothi 1,* Shreenath Acharya 1

1. Department of Computer Science, St Joseph Engineering College, Mangaluru, 575028, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijmecs.2017.03.06

Received: 8 Nov. 2016 / Revised: 9 Dec. 2016 / Accepted: 14 Jan. 2017 / Published: 8 Mar. 2017

Index Terms

Static code analysis, malware, dynamic malware analysis, clustering, classification


The amount and complexity of malicious activity are increasing and evolving day by day. Typical static code analysis is futile when challenged by diverse variants. The arrival of new malware samples every day is not uncommon, and the malware designed by attackers has the ability to change as it propagates. Thus, automated dynamic malware analysis has become a widely preferred technique for the identification of unknown malware.
In this paper, an automated malware detection system is presented based on a dynamic malware analysis approach. The behavior of malware is observed in the controlled environment of a popular malware analysis system. The system uses clustering and classification of embedded malware behavior reports to identify the presence of malicious behavior. Based on the experimentation and evaluation, it is evident that the proposed system is able to achieve better F-measure, FPR, FNR, TPR and TNR values, resulting in accurate classification and more efficient detection of unknown malware compared to the traditional hierarchical classification approach.

Cite This Paper

Akshatha Sujyothi, Shreenath Acharya, "Dynamic Malware Analysis and Detection in Virtual Environment", International Journal of Modern Education and Computer Science (IJMECS), Vol.9, No.3, pp.48-55, 2017. DOI: 10.5815/ijmecs.2017.03.06
