Botnet, network malware and anomaly detection algorithms are hard to evaluate and compare against each other due to different data sets. In some cases overspecialization on known malware gives high detection rates due to unknown artifacts in the training data set. This may lead to new malware being unnoticed on a network, because the detection algorithm has not been optimized for this case. Our...

Android devices are growing exponentially and are connected through the internet accessing billion of online websites. The popularity of these devices encourages malware developer to penetrate the market with malicious apps to annoy and disrupt the victim. Although, for the detection of malicious apps different approaches are discussed. However, proposed approaches are not suffice to detect the...

This paper analyzes different Android malware detection techniques from several research papers, some of these techniques are novel while others bring a new perspective to the research work done in the past. The techniques are of various kinds ranging from detection using host based frameworks and static analysis of executable to feature extraction and behavioral patterns. Each paper is reviewe...

We propose a new technique for Android malware detection that combines the respective strengths of learningand signature-based approaches. Our approach uses a new learning algorithm based on Maximum Satisfiability (MaxSAT) to automatically synthesize semantic malware signatures from very few instances of a malware family. Our key insight is that the common functionality of a malware family can ...

Machine-learning-based Android malware classifiers perform badly on the detection of new malware, in particular, when they take API calls and permissions as input features, which are the best performing features known so far. This is mainly because signature-based features are very sensitive to the training data and cannot capture general behaviours of identified malware. To improve the robustn...

Signature-based malware detection will always be a step behind as novel malware cannot be detected. On the other hand, machine learning-based methods are capable of detecting novel malware but classification is frequently done in an offline or batched manner and is often associated with time overheads that make it impractical. We propose an approach that bridges this gap. This approach makes us...

Mobile handsets, especially smartphones, are becoming more open and general-purpose, thus they also become attack targets of malware. Threat of malicious software has become an important factor in the safety of smartphones. Android is the most popular open-source smartphone operating system and its permission declaration access control mechanisms can’t detect the behavior of malware. In this wo...

Attackers have come to leverage exploits precipitated by system vulnerabilities and lapses by using malware which otherwise tends to be noisy as it generates unusual network traffic and system calls. Such noise is usually captured by intrusion detection systems. Therefore, malware-free intrusions which generate little noise if any at all, are especially attractive to APT actors because they cov...

As malicious software threats have changed, the anti-malware products have had to evolve, too. Simple signature-based detection proved to have downsides when having to deal with thousands of new malware samples daily. It takes time to process a sample and make a signature available. In the meantime a customer’s system remains completely unprotected from that particular threat. Hence heuristic d...

In recent years, the number of malware families/variants has exploded dramatically. Automatic malware classification is becoming an important research area. Using data mining, we identify seven key features within the Microsoft PE file format that can be fed to machine learning algorithms to classify malware. In this paper, resting on the analysis of Windows API execution sequences called by PE...