ResearchPDF Available


Malware is a malignant code that expands over the connected frameworks in a system. Malvertising is a malicious action that can distribute malware in different forms through advertising. Malware is the key of advertising and generating the revenue. and for various Internet organizations, extensive advertisement systems; for example, Google, Yahoo and Microsoft contribute a ton of effort to moderate malicious advertising from their advertise network systems. This paper specifically discusses various types of detection techniques; procedures and analysis techniques for detecting the malware threat. Malware detection methods used to detect or identify the malicious activities so that malware could not harm the user system. Moreover, the study includes malicious advertising. This paper will look at the strategies utilized by adware as a part of their endeavors to stay inhabitant on the framework and analyze the sorts of information being separated from the client's framework.
A preview of the PDF is not available
ResearchGate has not been able to resolve any citations for this publication.
Conference Paper
Full-text available
While the spread of the Internet has made the network ubiquitous, it has also rendered networked systems vulnerable to malicious attacks orchestrated from anywhere. These attacks or intrusions typically start with attackers infiltrating a network through a vulnerable host and then launching further attacks on the local network or Intranet. Attackers rely on increasingly sophisticated techniques like using distributed attack sources and obfuscating their network addresses. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targeted single point of failure. Scalable, distributed network intrusion prevention techniques are sorely needed. We propose Indra - a distributed scheme based on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We present initial ideas for running Indra over a peer-to-peer infrastructure to distribute up-to-date rumors, facts, and trust information in a scalable manner.
Conference Paper
Full-text available
A serious security threat today is malicious executables, especially new, unseen malicious executables often arriving as email attachments. These new malicious executables are created at the rate of thousands every year and pose a serious security threat. Current anti-virus systems attempt to detect these new malicious programs with heuristics generated by hand. This approach is costly and oftentimes ineffective. We present a data mining framework that detects new, previously unseen malicious executables accurately and automatically. The data mining framework automatically found patterns in our data set and used these patterns to detect a set of new malicious binaries. Comparing our detection methods with a traditional signature-based method, our method more than doubles the current detection rates for new malicious executables
Conference Paper
The voluminous malware variants that appear in the Internet have posed severe threats to its security. In this work, we explore techniques that can automatically classify malware variants into their corresponding families. We present a generic framework that extracts structural information from malware programs as attributed function call graphs, in which rich malware features are encoded as attributes at the function level. Our framework further learns discriminant malware distance metrics that evaluate the similarity between the attributed function call graphs of two malware programs. To combine various types of malware attributes, our method adaptively learns the confidence level associated with the classification capability of each attribute type and then adopts an ensemble of classifiers for automated malware classification. We evaluate our approach with a number of Windows-based malware instances belonging to 11 families, and experimental results show that our automated malware classification method is able to achieve high classification accuracy.
Conference Paper
Computer networks are one of those unique gifts of modern science which enriched human life with the blessing of global connectivity. But as the network advanced, intrusions and misuses followed. Consequently, network security has come into issue. Now-a-days intrusion detection systems have become a standard component in security infrastructures. Intrusions typically start with intruders infiltrating a network through a vulnerable host and after that approaching for further malicious attacks. The techniques used for intrusion detection have their particular limitations. Any of the Intrusion Detection Systems proposed so far is not completely flawless. And practically all of them require some kind of termination in network connections. So, the quest for betterment continues. In this progression, here we present PIDS: a complete intrusion detection system which reduces most of the problems contained by the previous systems and it doesn’t need to terminate any network connections to detect the intruder. This system generates quick responses against intrusions and stops the intruder to proceed for further attacks.
Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques for malicious code. In addition, it is an important prerequisite for the development of removal tools that can thoroughly delete malware from an infected machine. Traditionally, malware analysis has been a manual process that is tedious and time-intensive. Unfortunately, the number of samples that need to be analyzed by security vendors on a daily basis is constantly increasing. This clearly reveals the need for tools that automate and simplify parts of the analysis process. In this paper, we present TTAnalyze, a tool for dynamically analyzing the behavior of Windows executables. To this end, the binary is run in an emulated operating system environment and its (security-relevant) actions are monitored. In particular, we record the Windows native system calls and Windows API functions that the program invokes. One important feature of our system is that it does not modify the program that it executes (e.g., through API call hooking or breakpoints), making it more difficult to detect by malicious code. Also, our tool runs binaries in an unmodified Windows environment, which leads to excellent emulation accuracy. These factors make TTAnalyze an ideal tool for quickly understanding the behavior of an unknown malware.
Conference Paper
In this paper, we describe the development of a fielded application for detecting malicious executables in the wild. We gathered 1971 benign and 1651 malicious executables and encoded each as a training example using n-grams of byte codes as features. Such processing resulted in more than 255 million distinct n-grams. After selecting the most relevant n-grams for prediction, we evaluated a variety of inductive methods, including naive Bayes, decision trees, support vector machines, and boosting. Ultimately, boosted decision trees outperformed other methods with an area under the roc curve of 0.996. Results also suggest that our methodology will scale to larger collections of executables. To the best of our knowledge, ours is the only fielded application for this task developed using techniques from machine learning and data mining.
Anubis and Wepawet discontinued (2018). Anubis and Wepawet discontinued. [online] Available at: [Accessed 23 Apr. 2018].
Analyze: A Tool for Analyzing Malware
  • U Bayer
  • C Kruegel
  • E Kirda
  • Tt
Bayer, U., Kruegel, C. and Kirda, E. TT, "Analyze: A Tool for Analyzing Malware". Proceedings of the 15th European Institute for Computer Antivirus Research Annual Conference, 2006.
Fast Effective Rule Induction
  • W Cohen
Cohen, W. "Fast Effective Rule Induction". Proceedings of 12th International Conference on Machine Learning, San Francisco, pp. 115-123,1995.