Many papers have been published in this regard demonstrating the effect of applying machine learning on malware detection, for example, the work of Suleiman et al. Therefore, it can catch more variants of a given malware according to a single pattern. Although signatures can find the exact match with the searched pattern, the machine learning models search for the closest matches with the searched pattern. Recently, some anti-virus products have applied machine learning to detect malware. Several studies have been published on this topic like the study in, which classifies malware based on their application programming interface (API) calls and behavioural analysis. These indicators focus on what the malware is doing on the target machine and not on the characteristics of the malware as a file. Unlike this category of anti-virus, behavioural or host-based indicators are also used to detect malware. This is a disadvantage for the anti-virus signatures. To evade a particular signature, a single malware can generate multiple variants that vary in their static properties using packers or by altering a character in its content. 1 1Ī signature for multiple files is called generic signature. The signature can be unique for a specified file or for multiple different files. If a signature is found, the file will be deleted or quarantined. When this file arrives at a specified machine and even before this file is written in the drive (if real-time scanning is enabled), the traditional anti-virus scans this file searching for signatures. Indeed, it searches according to one or several databases for a number of bits extracted from the given file. This detection/identification consists to process a given file like a sequence of bits out of any execution context. Malware detection or identification is essentially based on statistical analysis in other words, it looks for signatures. IET Generation, Transmission & Distribution.
IET Cyber-Physical Systems: Theory & Applications.IET Collaborative Intelligent Manufacturing.CAAI Transactions on Intelligence Technology.
0 kommentar(er)
