Analysis and evaluation of dynamic feature-based malware detection methods

Abstract

While increasing the threat of malware for information systems, researchers strive to find alternative malware detection methods based on static, dynamic and hybrid analysis. Due to obfuscation techniques to bypass the static analysis, dynamic methods become more useful to detect malware. Therefore, most of the researches focus on dynamic behavior analysis of malicious software. In this work, our main objective is to find more discriminative dynamic features to detect malware executables by analyzing different dynamic features with common malware detection approaches. Moreover, we analyze separately different features obtained in dynamic analysis, such as API-call, usage system library and operations, to observe the contributions of these features to malware detection and classification success. For this purpose, we evaluate the performance of some dynamic feature-based malware detection and classification approaches using four data sets that contain real and synthetic malware executables.