An Effective Method to Detect Environment-Aware Malware Based on the Behavioral Distances Comparison

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

GHASEMI S.; PARSA S.

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: JOURNAL OF ELECTRONIC AND CYBER DEFENCE Year:2019 | Volume:6 | Issue:4 (24) Page(s): 123-133

Download Full-Text

Persian Verion

View:

421

Download:

Cites:

Information Journal Paper

Title

An Effective Method to Detect Environment-Aware Malware Based on the Behavioral Distances Comparison

Author(s)

GHASEMI S. | PARSA S. | Issue Writer Certificate

Keywords

Environment-aware malwareQ1

Anti-analysis techniquesQ1

System callQ1

Behavioral DistanceQ1

Support Vector MachinesQ1

Abstract

Given the inefficiency of static analysis methods due to malware techniques such as code polymorphism, metamorphism, and obfuscation, and self-modifying code, leveraging dynamic and heuristic analysis methods that are based on the analysis of runtime behavior of malwares, have become particularly important. Environment-aware malware that attempts to conceal its malicious behavior through dynamic anti-analysis methods has caused problems for dynamic analysis detection methods in practice. The purpose of this study is to present an effective method for Environment-aware malware detection. Regarding to split– personality of such malware behaviors, this research has proposed an effective way to detect Environment-aware malware. This method is based on System call monitoring of malicious and benign samples under the two NtTrace and drstrace softwares with different monitoring techniques and calculating Behavioral Distances as training data to create a Support Vector Machine model. Finally, the resulted support vector machine classifier is used to detect this type of malware with an average precision, recall and accuracy up to 100%, whereas the evaluation of previous related work shows an average precision, recall and accuracy 96. 85%, 95. 68% and 96. 12%, respectively.

Cites

No record.

References

No record.

Cite

APA: Copy

GHASEMI, S., & PARSA, S.. (2019). An Effective Method to Detect Environment-Aware Malware Based on the Behavioral Distances Comparison. JOURNAL OF ELECTRONIC AND CYBER DEFENCE, 6(4 (24) ), 123-133. SID. https://sid.ir/paper/243142/en

Vancouver: Copy

GHASEMI S., PARSA S.. An Effective Method to Detect Environment-Aware Malware Based on the Behavioral Distances Comparison. JOURNAL OF ELECTRONIC AND CYBER DEFENCE[Internet]. 2019;6(4 (24) ):123-133. Available from: https://sid.ir/paper/243142/en

IEEE: Copy

S. GHASEMI, and S. PARSA, “An Effective Method to Detect Environment-Aware Malware Based on the Behavioral Distances Comparison,” JOURNAL OF ELECTRONIC AND CYBER DEFENCE, vol. 6, no. 4 (24) , pp. 123–133, 2019, [Online]. Available: https://sid.ir/paper/243142/en

Related Journal Papers