A Survey on Feature Extraction Methods of Heuristic Malware Detection

Abstract

In the age of the Internet, while the network is sending a lot of information to people, hackers also transmit a lot of malicious code through the network. Hackers use these malicious codes to steal sensitive information from infected people and damage machines and devices to achieve their evil goals. Therefore, it is very important to accurately detect malware to protect users from loss. There are now three major methods of detecting malware, which are signature-based, behavior-based, and heuristic-based methods. However, with the rapid increase in the types and number of malware, signature -based method can't detect unknown malware and behavior-based cannot guarantee the False Positive Ratio. So these detection methods can no longer meet the needs. Therefore, some researchers proposed some heuristic-based detection methods. In this article we overview the methods used to extract features and the features extracted in heuristic detection and discuss the advantages and disadvantages of the features.