Revision as of 13:07, 9 June 2024 edit Cloud 223 (talk \| contribs) 175 edits No edit summary Tags: Visual edit Mobile edit Mobile web edit ← Previous edit		Revision as of 13:47, 26 June 2024 edit undo Jumbo T (talk \| contribs) Extended confirmed users 1,411 edits →‎Identification methods: ce Tags: Mobile edit Mobile app edit Android app edit Next edit →
Line 142: There are several methods which antivirus engines can use to identify malware: * '''Sandbox detection''': a particular behavioural-based detection technique that, instead of detecting the behavioural fingerprint at run time, it executes the programs in a [[virtual machine\|virtual environment]], logging what actions the program performs. Depending on the actions logged which can include memory usage and network accesses,<ref>{{Cite journal \|last1=Lv \|first1=Mingqi \|last2=Zeng \|first2=Huan \|last3=Chen \|first3=Tieming \|last4=Zhu \|first4=Tiantian \|date=2023-10-01 \|title=CTIMD: Cyber Threat Intelligence Enhanced Malware Detection Using API Call Sequences with Parameters \|url=https://www.sciencedirect.com/science/article/pii/S0167404823004285 \|journal=Computers & Security \|volume=136 \|pages=103518 \|doi=10.1016/j.cose.2023.103518 \|issn=0167-4048}}</ref> the antivirus engine can determine if the program is malicious or not.<ref>[https://enterprise.comodo.com/security-solutions/endpoint-protection/sandboxing.php Sandboxing Protects Endpoints \| Stay Ahead Of Zero Day Threats] {{webarchive\|url=https://web.archive.org/web/20150402115401/https://enterprise.comodo.com/security-solutions/endpoint-protection/sandboxing.php \|date=April 2, 2015}}. Enterprise.comodo.com (June 20, 2014). Retrieved on 2017-01-03.</ref> If not, then, the program is executed in the real environment. ~~Albeit~~Although this technique has shown to be quite effective, given its heaviness and slowness, it is rarely used in end-user antivirus solutions.{{sfn\|Szor\|2005\|pp=474–481}} * '''[[Data mining]] techniques''': one of the latest approaches applied in malware detection. [[Data mining]] and [[machine learning]] algorithms are used to try to classify the behaviour of a file (as either malicious or benign) given a series of file features, that are extracted from the file itself.<ref>Kiem, Hoang; Thuy, Nguyen Yhanh and Quang, Truong Minh Nhat (December 2004) "A Machine Learning Approach to Anti-virus System", ''Joint Workshop of Vietnamese Society of AI, SIGKBS-JSAI, ICS-IPSJ and IEICE-SIGAI on Active Mining; Session 3: Artificial Intelligence'', Vol. 67, pp. 61–65</ref><ref>{{cite book\|title=Data Mining Methods for Malware Detection\|url=https://books.google.com/books?id=lZto6RraGOwC&pg=PR15\|year=2008\|isbn=978-0-549-88885-7\|pages=15–\|url-status=live\|archive-url=https://web.archive.org/web/20170320111622/https://books.google.com/books?id=lZto6RraGOwC&pg=PR15\|archive-date=March 20, 2017}}</ref><ref>{{cite book\|author1=Dua, Sumeet\|author2=Du, Xian\|title=Data Mining and Machine Learning in Cybersecurity\|url=https://books.google.com/books?id=1-FY-U30lUYC&pg=PP1\|date=April 19, 2016\|publisher=CRC Press\|isbn=978-1-4398-3943-0\|pages=1–\|url-status=live\|archive-url=https://web.archive.org/web/20170320093100/https://books.google.com/books?id=1-FY-U30lUYC&pg=PP1\|archive-date=March 20, 2017}}</ref><ref>{{cite book\|doi=10.1109/ACT.2010.33\|chapter=Analysis of Machine learning Techniques Used in Behavior-Based Malware Detection\|title=2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies\|page=201\|year=2010\|last1=Firdausi\|first1=Ivan\|last2=Lim\|first2=Charles\|last3=Erwin\|first3=Alva\|last4=Nugroho\|first4=Anto Satriyo\|isbn=978-1-4244-8746-2\|s2cid=18522498}}</ref><ref>{{cite book\|doi=10.1145/1593105.1593239\|chapter=A survey of data mining techniques for malware detection using file features\|title=Proceedings of the 46th Annual Southeast Regional Conference on XX – ACM-SE 46\|page=509\|year=2008\|last1=Siddiqui\|first1=Muazzam\|last2=Wang\|first2=Morgan C.\|last3=Lee\|first3=Joohan\|isbn=9781605581057\|s2cid=729418}}</ref><ref>{{cite book\|doi=10.1109/CCST.2003.1297626\|chapter=Intelligent automatic malicious code signatures extraction\|title=IEEE 37th Annual 2003 International Carnahan Conference on ''Security'' Technology, 2003. Proceedings\|page=600\|year=2003\|last1=Deng\|first1=P.S.\|last2=Jau-Hwang Wang\|last3=Wen-Gong Shieh\|last4=Chih-Pin Yen\|last5=Cheng-Tan Tung\|isbn=978-0-7803-7882-7\|s2cid=56533298}}</ref><ref>{{cite book\|doi=10.1109/PDP.2010.30\|chapter=Malware Detection by Data Mining Techniques Based on Positionally Dependent Features\|title=2010 18th Euromicro Conference on Parallel, Distributed and Network-based Processing\|page=617\|year=2010\|last1=Komashinskiy\|first1=Dmitriy\|last2=Kotenko\|first2=Igor\|isbn=978-1-4244-5672-7\|s2cid=314909}}</ref><ref>{{cite book\|doi=10.1109/SECPRI.2001.924286\|chapter=Data mining methods for detection of new malicious executables\|title=Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001\|page=38\|year=2001\|last1=Schultz\|first1=M.G.\|last2=Eskin\|first2=E.\|last3=Zadok\|first3=F.\|last4=Stolfo\|first4=S.J.\|isbn=978-0-7695-1046-0\|citeseerx=10.1.1.408.5676\|s2cid=21791}}</ref><ref>{{cite book\|doi=10.1145/1281192.1281308\|chapter=IMDS\|title=Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining – KDD '07\|page=1043\|year=2007\|last1=Ye\|first1=Yanfang\|last2=Wang\|first2=Dingding\|last3=Li\|first3=Tao\|last4=Ye\|first4=Dongyi\|isbn=9781595936097\|s2cid=8142630}}</ref><ref>{{cite journal\|url=http://dl.acm.org/citation.cfm?id=1248547.1248646\|title=Learning to Detect and Classify Malicious Executables in the Wild\|journal=J. Mach. Learn. Res.\|first1=J. Zico\|last1=Kolter\|first2=Marcus A.\|last2=Maloof\|date=December 1, 2006\|volume=7\|pages=2721–2744}}</ref><ref>{{cite book\|doi=10.1145/1599272.1599278\|chapter=Malware detection using statistical analysis of byte-level file content\|title=Proceedings of the ACM SIGKDD Workshop on Cyber ''Security'' and Intelligence Informatics – CSI-KDD '09\|page=23\|year=2009\|last1=Tabish\|first1=S. Momina\|last2=Shafiq\|first2=M. Zubair\|last3=Farooq\|first3=Muddassar\|isbn=9781605586694\|citeseerx=10.1.1.466.5074\|s2cid=10661197}}</ref><ref>{{cite journal\|doi=10.1007/s11416-008-0082-4\|title=An intelligent PE-malware detection system based on association mining\|journal=Journal in Computer Virology\|volume=4\|issue=4\|page=323\|year=2008\|last1=Ye\|first1=Yanfang\|last2=Wang\|first2=Dingding\|last3=Li\|first3=Tao\|last4=Ye\|first4=Dongyi\|last5=Jiang\|first5=Qingshan\|citeseerx=10.1.1.172.4316\|s2cid=207288887}}</ref><ref>{{cite book\|doi=10.1145/1774088.1774303\|chapter=Malware detection based on mining API calls\|title=Proceedings of the 2010 ACM Symposium on Applied Computing – SAC '10\|page=1020\|year=2010\|last1=Sami\|first1=Ashkan\|last2=Yadegari\|first2=Babak\|last3=Peiravian\|first3=Naser\|last4=Hashemi\|first4=Sattar\|last5=Hamze\|first5=Ali\|isbn=9781605586397\|s2cid=9330550}}</ref><ref>{{cite journal\|doi=10.1007/s10844-010-0148-x\|title="Andromaly": A behavioral malware detection framework for android devices\|journal=Journal of Intelligent Information Systems\|volume=38\|page=161\|year=2011\|last1=Shabtai\|first1=Asaf\|last2=Kanonov\|first2=Uri\|last3=Elovici\|first3=Yuval\|last4=Glezer\|first4=Chanan\|last5=Weiss\|first5=Yael\|s2cid=6993130}}</ref>{{Excessive citations inline\|reason=Only a few papers are needed for this\|date=October 2021}}

Antivirus software: Difference between revisions