Abstract
The number of newly discovered malware samples is growing exponentially and poses a serious threat to the digital world. Users now more frequently use the Internet for banking and shopping. These activities involve currency transactions and attract malware authors to attack both servers and client machines, since these hosts hold sensitive information such as personal data, browsing history, shopping history and financial details. Conventional anti-malware software expects malicious programs to contain fixed, known structures, whereas advanced malware such as metamorphic malware can obfuscate its internal structure after each infection. In this chapter, we discuss methods for detecting such advanced malware using various machine learning techniques that detect or classify malware from static, dynamic and memory forensic features. In Sect. 5.1, we describe our tool PeerClear, which is designed to detect peer-to-peer botnets. In Sect. 5.2, we describe a malware classification tool we designed that works on features extracted from the initial stages of a sample's execution. In Sect. 5.3, we describe a memory forensics-based malware detection technique we recently developed.
© 2020 Springer Nature Singapore Pte Ltd.
Cite this chapter
Kumar, A., Gupta, M., Kumar, G., Handa, A., Kumar, N., Shukla, S.K. (2020). A Review: Malware Analysis Work at IIT Kanpur. In: Shukla, S., Agrawal, M. (eds) Cyber Security in India. IITK Directions, vol 4. Springer, Singapore. https://doi.org/10.1007/978-981-15-1675-7_5
DOI: https://doi.org/10.1007/978-981-15-1675-7_5
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1674-0
Online ISBN: 978-981-15-1675-7
eBook Packages: Engineering (R0)