PERFORMANCE EVALUATION AND DETECTION OF
MALWARE-STRATEGIC SURVEY
1st AAYUSH KUMR, 2nd ABHISHEK SAXENA
3rd ANJILA CHOUDHARY 4th AZHARUDDIN ALAM
Computer Science and Engineering
Greater Noida Institute of Technology
Greater Noida, India
[email protected]
Abstract— In an ever-growing digital age, computers hold a
significant role in society. However, with this reliance comes a
concerning rise in malware and its widespread impact. As this
malicious software continues to evolve and increase in number,
it poses an ongoing threat that demands constant vigilance and
proactive measures. Cybercriminals use malware as a potent
weapon to launch deliberate, malevolent assaults against
expensive computer systems, which, in the absence of
appropriate preventive measures, may have disastrous results.
To combat this looming threat, research efforts have turned to
machine learning as a favored avenue for classifying malware.
The review paper aims to the diverse technology used for
detecting malware and its effectiveness
Keywords—malware, cybersecurity, Machine Learning
I. INTRODUCTION
The word "malware" was created to describe harmful
software intended to carry out an attacker's malevolent aims.
Malware has the ability to infiltrate, steal sensitive data, hack
computers and smart devices, create security vulnerabilities
in networks, damage vital infrastructures, and more. Malware
is available and has weakened the security of a great deal of
systems and devices due to the internet's broad use [1].
In order to evade detection and destruction, malware is
always evolving to use signature-based and cutting-edge
machine learning approaches.
Daly published research in 2009 that indicated the
possibility of planned, coordinated assaults to get prolonged
access to a company's network [2]. Similarly, Researchers at
the Quick Heal Threat Research Lab received over
350,000,000 malicious files that targeted tens of thousands of
workstations in the first quarter of 2016[3].Aimoto et al.
reported in 2017 that Symantec had discovered the Banswift
criminal organization, which had pilfered US funds
amounting to 81 million from the Bangladesh Bank [4].
Because Elasticsearch and Logstash were improperly set, the
Kid Security app which was designed to keep an eye on kids'
online safety exposed user records for more than a month.
Expert Bob Diachenko found the breach in mid-September,
which affected 300 million records 21,000 phone numbers,
31,000 email addresses, and some credit card information
according to CyberNews in September 2023.
Researchers and malware analyzers are thus encouraged
to examine known malware and detect active anti-malware
software in order to uncover both known and unknown
harmful program, to evade cyberattacks on computer
networks. Since bank consumers were the main target of
hackers, failing to take appropriate precautions against
5th ASHWINI KUMAR VERMA
Assistant Professor
Computer Science and Engineering
Greater Noida Institute of Technology
Greater Noida, India
[email protected]
malware might have disastrous consequences, including
temporarily paralyzing financial networks.
Although Tabish et al. (2009) believes that malware
detection is a ubiquitous problem that affects a variety of file
types and operating systems [58], the Windows platform will
be the main focus of our article due to its broad usage and
longevity. For a very long time, researchers and malware
developers have been competing with one another. The
earliest and most effective solution to the analysis and
classification problem seems to be ML; it has been used for
decades to solve the malware classification and detection
problem. ML has become crucial for modern cybersecurity
since it is more successful at identifying new threats than
signature-based defenses. The truth is that identifying
malicious software using traditional methods such as rule-
based, graph-based, entropy-based, etc. is challenging.
As a result, machine learning emerges as a clear and
dependable option for creating classifiers that can identify
both newly discovered malware and that which is part of
already-existing families [5, 6]. Numerous papers by
different authors were reviewed, and it was discovered that
supervised and unsupervised machine learning methods have
been proposed using Random Forest, Navies Bayes, Decision
Trees, SVM, KNN, Adaboost, and other techniques, with
great results [7, 8]. Following an examination of various
machine learning-based detection methods, it was
determined that malware characteristics needed to be
gathered from both static and dynamic malware analysis, and
classifiers needed to be trained on classification techniques.
These two factors are significant and have an impact on
malware classifier accuracy. However, there are a few
drawbacks to machine learning models. To begin with,
creating and maintaining these models requires a significant
amount of expertise and work in order to locate and arrange
helpful characteristics for training, which is required to
generate an appropriate classification model. End-to-end
deep learning models may help with the above described
issues to some extent. There have been suggestions for byte-
based models to detect malware in Windows Portable
Executable files [10, 11]. These models have shown to be
just as successful as traditional machine learning [10, 11].
This article will discuss several ML methods for classifying
and detecting malware, as well as the relevant research.
II. MALWARE ANALYSIS
Malware analysis is a technique that examines the
composition and actions of malware by finding traits that
 PERFORMANCE EVALUATION AND DETECTION OF
MALWARE-STRATEGIC SURVEY

point to its intended purpose. Static analysis and dynamic

analysis are the two methods which are available for
obtaining input characteristics. Static analysis retrieves
characteristics that indicate its intended use. Static analysis
and dynamic analysis are the two methods available for
obtaining input characteristics.
Static analysis retrieves characteristics that will feed into
the classifier without requiring the program to run, while
dynamic analysis derives features while the code runs.
According to research, malicious software programs
within a certain family tend to have a comparable set of
opcodes. Another feature that sets malicious files apart
from benign ones is the potential prevalence of a few
opcodes [12].
Another method of categorizing malware is into first and
second generations. malware of the first generation, also
referred to as static malware. Examples include "rootkits,"
"spyware," "crimeware," and "adware," in addition to
"viruses," "worms," and "Trojan horses." This kind of
malware modifies the structure of the target computers to
induce harmful behavior. It is necessary to collect many
static features from the malware code, including "hash
value," "N-grams," "opcodes," "strings," and "PE header,"
in order to investigate these malicious programs. The
amount of features that may be taken into consideration
for classification is significantly lowered as a
consequence of static or first generation analysis. Many
antivirus programs and intrusion detection systems are
designed to identify malware based on these
characteristics [13, 14].
Disassemblers are used to break down executable files
into assembly language code, which is then examined for
malware. Olly-dbg, I.D.A Pro, capstone, and other
debuggers and disassemblers are among of the most
widely used programs for converting binary files into
assembly code. [15, 16]. Commonly used features for
static malware analysis include from calls to API
functions, entropy, header values, etc. Disassembled code
is examined to find and investigate file execution flows,
function calls, and dangerous code behavior. This
information may then be used to create or find new
software or variations of already-existing software.
Assembly code analysis is challenging as it takes a lot of
time, in addition to the several ways malware obfuscates
itself, for as by using code encryption.
[17, 18]. XORing the generated key with the malware
body encrypts it to make it more difficult to detect. Static
analysis tools and traditional signature-based detection
approaches were not able to identify encrypted malware.
Dynamic or second-generation malware analysis is the act
of running malicious files and watching how they behave.
This behavior is the result of malicious code interacting
with the machine. During dynamic analysis, a large
number of common characteristics are retrieved, analyzed
further, and utilized to train the classifiers. Features such
as system calls, API function calls, modifications,
performance counters, etc. are retrieved throughout the
study. In 2018, Ding et al. provided an explanation of how
malicious code behaves during runtime, citing file system
actions, registry key change, process execution, and
network activities [19, 20, 21]. Using virtualization tools
like VMware, sample malware code is run in a monitored
virtual environment and observed activities such as
changes made to the registry, the creation or deletion of
files, mutually exclusive actions, TCP/IP calls, the
removal of system files, log entries, the list of URLs
visited, API requests, and so on.. File analysis of these
actions indicates if the file is malicious or benign.
More classifications for second-generation malware
include polymorphic, metamorphic, and oligomorphic
malware.
Computer viruses use oligomorphic code, which is similar
to polymorphic code in that it creates a description of
itself. They also provide a set of decryptors, numbering in
the hundreds, which enable detection, while polymorphic
code mutates the instructions using a variety of obscuring
techniques to produce millions of decryptors. Malware
created using a polymorphic code engine is incapable of
self-rewriting. Malware that transforms itself instead of
the decryptors is known as metamorphic malware. In
order to evade detection, it generates new versions by
using a variety of cutting-edge and sophisticated
concealing strategies without altering its behavior [24].
In order to address situations when a single method may
not be enough, malware detection systems use a hybrid
strategy that blends dynamic and static analysis.
Traditional signature-based antimalware can identify only
a small percentage of malware, and it is insufficient to
detect sophisticated or undiscovered malware because of
their improved obfuscation tactics. These malwares are
capable of creating a vast array of variations in order to
elude detection and get past security measures.
So, the consequences might be unthinkable if sufficient
and suitable steps are not done to combat these malwares.
Advanced metamorphic malware is very difficult to detect
and a constant danger to endpoint security because, while
the altered code performs the same function, it changes its
appearance to evade detection by existing detection
techniques. Therefore, in order to effectively identify
complex or metamorphic malware, new techniques and
ways to monitor the behavioral pattern of different
malwares must be developed in order to better understand
and diagnose the problem with a low amount of false
positives.
III. FEATURES EXTRACTION
The technique of extracting features from unprocessed
data is known as feature extraction. Due to its inherent
obfuscation, binary data is very difficult to extract
features from.
As a result, it influences the effectiveness of machine
learning methods and algorithms, which primarily rely on
the quality of the input data. Malware may exist in many
different binary formats, including Windows PE files with
the.exe,.dll, and.efi extensions.
Thus, increasing one's understanding of program internals
is essential for identifying and obtaining valuable
characteristics while doing security research on computer
binaries. Feature extraction lowers the processing cost
when we have a large quantity of data to analyze. The
phase of feature extraction yields a vector with the
extracted features' frequencies in it. These features affect
the classification accuracy of the machine learning model.
The three types of analytic approaches—static, dynamic,
and hybrid—that form the basis of feature extraction are
covered in the preceding section. Examples of features
based on dynamic analysis include information flow
tracking, function-based features, A.P.I., and system calls with a
is based on static analysis techniques include 93%
characteristics of portable executables, entropy, header detection
values, bytecode and opcode n-grams, and string accuracy.
functionality. Programs are watched during dynamic
analysis in order to comprehend their dynamic behaviors Shafiq n- HMM The
such as resource use, network connections, system calls, et al. grams suggested
system calls to enable memory access, etc. Many (2008) technique
sandboxes and tools are available for feature extraction, [26] detects
such as Process Explorer, Tcp Dump, for static analysis, malware
use PE View; for dynamic analysis, use Cuckoo, among with a
other programs. The characteristics are extracted, TPR of
converted into feature vectors, and then the classifier 84.9%
model is trained using these feature vectors.. and an
FPR of
IV. MALWARE DETECTION TECHNIQUES 16.7%.
The main objectives of malware detection methods are to Moskov opcode ANN, The
detect malicious software and safeguard the system on itch et feature NB, DT model
which it is installed in order to preserve the security of al. s and predicted
linked networks and computer systems. To assist with the (2008) Adaboost the virus
detection and grouping of malware samples into the [27] in the file
appropriate families, the inputs may be described in a under
number of ways. examinati
Over time, a number of authors have proposed methods on with a
for identifying and categorizing malware files and the considera
version that they are associated with. In this publication, ble
we have included a comprehensive summary of the major degree of
research publications listed in Table 1. accuracy
Malware that has been extracted has also been seen in (94.5%).
graphic form in addition to feature vectors. The process of Griffin 48 5- gram Signature
recognizing malware and grouping it into families is et al. Byte Markov s with
labor-intensive and needs subject expertise, therefore it (2009) string Chain one or
differs from classifying images. In one such study, the [28] signatu model more
authors proposed a learning-based technique for analyzing re compone
dangerous code and categorizing it according to the nts were
malware family that it is a member of. Extracting portable used to
executables (PE) and selecting the traits that are most train the
prevalent among them is the first step in grouping classifier
malware into families. These characteristics help identify s. Having
malware activities and the related category by describing several
the structure of portable executables. The accuracy of the compone
suggested approach was 99.8%[59]. nt
TABLE 1 signature
Review of the Literature s
increased
the
Author Inputs Algorith Findings chance of
s m a
/ satisfying
Techniq accuracy
ues outcome
Ye et Api Rule IMDS when
al.in Executi based surpassed compared
(2007) on classifier other to the
[25] sequen data equivalen
ces mining t. Less
technique than 0.1
s and percent
several false
antivirus positive
programs rate
 (FPR) (2013) opcode Bayesian, better
was [32] s SVM than 95.7
achieved. % for
Nataraj Gray KNN demonstr features
et al. scale ates 98% of two
(2011) image classifica opcode
[29] of tion lengths.
Binarie accuracy Comar Flow KNN, For
s on a et al. level SVM, identifyin
collection (2013) feature WL, RBF g new
of [33] s classes,
malwares the
from 25 supervise
different d
families. weighted
Shabtai 1-6 Random When it linear
et al. gram Forest came to kernel
(2012) opcode classifier, accuracy, provides
[30] feature Naive RF, the best
s Bayes, BDT, performa
ANN, DT, G- nce
Logistic Mean, metric.
Regressio FPR, and Uppal et N Naive SVM
n, BDT, TPR al. grams Bayes, produces
DT, and performe (2014) from Random the best
BNB d better [34] API Forests, results
than NB sequen SVM, (98.5%
and ces and accuracy)
BNB. Decision out of all
Random Tree the
Forest Classifier classifier
produced s s.
the best Salehi API RF, J48, 94.6%
results et al. calls Rotation was the
with (2014) RF, FT, greatest
95.14% [35] and NB true
accuracy. positive
Ravi et API J4.8, The rate of
al. call IMDS, suggested any
(2012) sequen SVM, solution classifier
[31] ce Rule makes used, and
Based use of a random
classifier, third- forest
Naive order produced
Bayes, Markov the
and SVM model, highest
which results.
operates Sexton Byte Naive The
with 90% et al. code Bayes, Markov
accuracy (2015) Sequen Rule chain
on the [36] ces & Based approach
testing opcode classifier, to SVM
dataset s Logistic revealed
and Regressio an 84.9%
99.38% n, SVM True
accuracy Positive
on the Rate.
training Saxe et The Deep The
dataset. al. string Feed suggested
Santos Freque DT, SVM (2015) histogr forward model
et al. ncy of KNN, performs [37] am, the neural yielded a
 byte network 95% 99%.
sequen True Raff et PE LSTM, An
ce, and Positive al. header Random accurate
the 2D rate. (2017) feature Forests, network
PE [44] s LR, ET with all
propert connectio
ies ns made
and
Narra et Opcod K-means, The calibratio
al. e expectati model ns made
(2016) Sequen on operates may
[38] ce maximiza with a reach
tion with 98% 93.3%.
HMM, accuracy Kotov Windo Symbolic With an
SVM rate. et al. ws API execution accuracy
Ahmadi Hex XGBoost A 99.8% (2018) calls & HMM rate of
et al. dump classifica detection [45] models 87.6%,
(2016) based tion accuracy the top
[39] feature algorithm was predictio
s provided n model
by the detects
suggested malware.
model. Le et al. Gray Convolut Using
Kolosnj System Convolut The (2018) scale ional 10568
aji et al. call ional & average [46] image Neural binary
(2016) sequen Recurrent accuracy of Network data to
[40] ces Neural and recall binary train the
Network of the malwar classifier,
combined e file the
model accuracy
were rate was
85.6% 98.5%.
and Nguyen Image CNN CNN
89.4%, et al. based produced
respectiv (2018) represe an
ely. [47] ntati on accuracy
Narayan Image KNN, Over the of lazy of
an et al. of ANN, others, binding 98.87%.
in Polym and SVM linear CFG
(2016) orphi c KNN Krcal et PE, MalConv At 96.4%
[41] Malwa provided al. API , CNN, accuracy,
re file an (2018) calls FNN the
accuracy [48] suggested
of 96.6%. convoluti
Nikolop ScD SaMesim The on
oulos graph ilarity suggested network
and created and NP- model outperfor
Polenak using similarity has a ms other
is system metrics detection models.
(2017) calls rate of Ni et al. Gray Hashing The
[42] 83.42%. (2018) images & CNN average
Zhixing system logistic The [49] based accuracy
Xu et al. calls regressio random on Sim of
(2017) for n and forest hash classifica
[43] memor random classifier tion
y forest performe attained
access classifier d better, was
with a 98.86%.
true Rathore Opcod RF, DNN RF
positive et al. e with 2, & outperfor
rate of (2019) Feature 7 Hidden ms DNN
[50] s Layers with a many
99.6% malware
accuracy families.
rate. A few
O. PE FGSM The succeede
Suciu et header suggested d in
al. feature method reaching
(2019) s shows a 99.5
[51] that percent
forceful accuracy
assaults rate.
on mode Vasan Windo Unsuperv displayed
are et al. ws ised the
effective. (2021) executa anomaly potential
This does [55] bles, detection of
not system using unsupervi
provide call Isolation sed
efficient sequen Forest learning
models ces for
when malware
trained detection
on small by
datasets. achieving
Yuxin n-gram Deep When high
et al., in Belief trained accuracy
(2019) Network on in
[52] unlabeled identifyin
data, g
DBN previousl
outperfor y
med unknown
KNN, malware
SVM, types.
and umar et Androi Hybrid Detected
Decision al. d APK model malware
Trees in (2022) files, combinin with
terms of [56] API g static 98.7%
classifica calls, and accuracy,
tion permis dynamic highlighti
accuracy. sions analysis ng the
Rabbani protoco PSO with With using effective
et al . ls, PNN 96.5% RNN ness of
(2020) jitters, accuracy, hybrid
[53] IP the approach
address model es for
es, was able Android
TCP, to malware
and identify detection.
UDP malicious Gibert PE LightGB Achieved
behavior. et al. files, M, CNN 99.4%
Yucel et Memor Virtual Using an (2023) opcode with accuracy
al. y machines average [57] sequen attention in
(2020) Image & 3D of 0.886, ces mechanis malware
[54] of Exe Imaging the m detection,
file authors' outperfor
research ming
looked at other ML
the algorithm
similarity s.
rates Attention
across mechanis
 m learning based on N -gram of opcodes”, Future
improved
model
interpreta
bility.
There are several challenges when using machine learning
to identify malware. First, it has to do with the large
computational expense of updating and training malware
classifiers. Since the model must recognize the most
recent and freshly created malware, regular updates are
necessary. Second, the characteristics that are collected
from malware might be enormous, which can also have an
impact on the model's training or performance. Third, and
this is still another major issue, some malware makers
may be employing machine learning (ML) to create and
sell malware that is evolving. This allows them to avoid
detection with ease [44].
V. CONCLUSIONS
In order to differentiate malicious software from benign
software, we have endeavored to provide an overview of
machine learning research in this article, along with an
analysis of how well such efforts have fared in comparison
to other classifiers or existing methodologies.. We started
off by talking about the need for and purpose of malware
analysis, then we moved on to talk about the traits that
needed to be extracted so that the different classifiers could
be trained, and lastly, we discussed the problems and
performance that arose during the construction of the
detection model. After reading and contrasting the
publications, we performed analyses based on important
factors such the classifier's output, the strategy, the input
characteristics, and the classification algorithm. However,
we think there are a lot of unutilized algorithms out there
that may provide superior outcomes. The malware
detection and classification algorithms have to possess
sufficient resilience to tackle newly emerging malware
iterations.
References
[1] Sharma, A., Sahay, S.K., “Evolution and detection of
polymorphic and metamorphic malwares: a survey”,
Int. J. Comput. Appl. 90(2), pp. 7– 11 2014.
[2] Daly, M.K., “Advanced persistent threat”, Usenix,
Nov. 2009.
[3] Quick heal quarterly threat report q2: Technical
report, 2015. Quick Heal, Feb. 2015.
[4] Aimoto, S., AlKhatib, T., Coogan, P., Corpin, M.,
DiMaggio, “Internet security threat report”, Technical
report, Symantec Corporation, 2017.
[5] B. Ndibanje, K.H. Kim, Y.J. Kang, H.H. Kim, T.Y.
Kim, H.J. Lee, “Applied sciences cross-method-based
analysis and classification of malicious behavior by
API calls extraction”, 2019.
[6] J. Zhang, “Machine learning with feature selection
using principal component analysis for malware
detection: A case study”, Jan. 2019.
[7] X. Sun, X. Li, K. Ren, J. Song, Z. Xu, J. Chen,
“Rethinking compact abating probability modeling
for open set recognition problem in cyber-physical
systems”, J. Systems Architecture. 2019.
[8] H. Zhang, X. Xiao, F. Mercaldo, S. Ni, F. Martinelli,
“Classification of ransomware families with machine
Generation Computer Systems, pp. 211–221 2019.
[9] Z. Bazrafshan, H. Hashemi, S. M. H. Fard, A.
Hamzeh, “A survey on heuristic malware detection
techniques”, in Information and Knowledge
Technology (IKT), 5th Conference, IEEE, pp. 113–
120, 2013
[10] S. E. Coull and C. Gardner, “Activation analysis of a
byte-based deep neural network for malware
classification”. IEEE Security and Privacy
Workshops , pp 21–27, 2019.
[11] E. Raff, J. Barker, J. Sylvester, R. Brandon, B.
Catanzaro, and C. K. Nicholas. “Malware detection
by eating a whole exe”, Workshops at the Thirty-
Second AAAI Conference on Artificial Intelligence,
2018.
[12] Yanfang Ye, Tao Li, Yong Chen, and Qingshan
Jiang, “Automatic malware categorization using
cluster ensemble”, in Proceedings of the 16th ACM
SIGKDD international conference on Knowledge
discovery and data mining, pp 95–104. ACM, 2010.
[13] R. Veeramani, N. Rai, “Windows API based malware
detection and framework analysis”, International
Journal of Scientific & Engineering Research Volume
3, Issue 3, March 2012 .
[14] M. Christodorescu, S. Jha, J. Kinder, S.
Katzenbeisser, H. Veith, “Software transformations to
improve malware detection”, Journal of Computer
Virology, pp 253–265, 2007.
[15] E. Raff, R. Zak, R. Cox, J. Sylvester, P. Yacci, R.
Ward, A. Tracy, M. Mclean, C. Nicholas, “An
investigation of byte n-gram features for malware
classification”, Journal of Computer Virology and
Hacking Techniques 2016
[16] Y. Nagano, “Static analysis with paragraph vector for
malware detection”, proceedings of International
Conference on Ubiquitous Information Management
and Communication, pages 1-7, 2017.
[17] Y. Oyama, “Trends of anti-analysis operations of
malwares observed in API call logs”, Journal of
Computer Virology and Hacking Techniques, 2017.
[18] S. Sibi Chakkaravarthy, D. Sangeetha, V. Vaidehi,
“A survey on malware analysis and mitigation
techniques”, Computer Science Review, pp 1–23,
2019.
[19] Y. Ding, X. Xia, S. Chen, Y. Li, “A malware
detection method based on family behavior graph”,
Computer Security. pp 73–86, 2018.
[20] W. Halfond, A. Orso, “Malware detection”, pp. 85–
109, 2007.
[21] A. Ray, “Introduction to Malware and Malware
Analysis: A brief overview”, pp. 22–30, 2016.
[22] N. Kawaguchi, K. Omote, “Malware function
classification using apis in initial behavior”, in
Proceedings of 10th Asia Joint Conference on
Information Security, pp. 138–144, 2015.
[23] U. Bayer, E. Kirda, C. Kruegel, “Improving the
efficiency of dynamic malware analysis”, in
Proceedings of the ACM Symposium on Applied
Computing , pp. 1871, 2010.
[24] Rad, B.B., Masrom, M., Ibrahim, S., “Camouflage in
malware: from encryption to metamorphism”,
International Journal of Computer Science Network
Security, pp. 74–83, 2012.
[25] Ye, Y., Wang, D., Li, T., Ye, D., “IMDS: intelligent
malware detection system”, In Proceedings of 13th
ACM SIGKDD, International Conference on
Knowledge Discovery, Data Mining”, pp. 1043-1047,
2010.
[26] M. Zubair Shafiq, Syed Ali Khayam, and Muddassar
Farooq. “Embedded Malware Detection Using
Markov n-Grams”, in Detection of Intrusions and
Malware, and Vulnerability Assessment. Springer
Berlin, Heidelberg, 2008.
[27] R. Moskovitch, C. Feher, N. Tzachar, E. Berger, M.
Gitelman, “Unknown malcode detection using
OPCODE representation”, Intelligence and Security
Informatics, pp 204-215, 2008.
[28] K. Griffin, S. Schneider, X. Hu, T.-c. Chiueh,
“Automatic generation of string signatures for
malware detection”, pp. 101–120, 2009.
[29] Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath,
B.S., “Malware images: visualization and automatic
classification”, in Proceedings of the 8th International
Symposium on Visualization for Cyber Security.
ACM, New York, USA, pp. 4:14, 2011.
[30] A. Shabtai, R. Moskovitch, C. Feher, S. Dolev, Y.
Elovici, “Detecting unknown malicious code by
applying classification techniques on OpCode
patterns”, Security Information, 2012.
[31] Chandrasekar Ravi, R Manoharan, “Malware
Detection using Windows Api Sequence and Machine
Learning”, International Journal of Computer
Applications, Volume 43, April 2012.
[32] I. Santos, J. Devesa, F. Brezo, J. Nieves, P. G.
Bringas, “Opem: A static-dynamic approach for
machine-learning-based malware detection”, in CISIS
’12-ICEUTE´ , page 271-280, 2013.
[33] P. M. Comar, L. Liu, S. Saha, P. N. Tan, A. Nucci,
“Combining supervised and unsupervised learning for
zero-day malware detection”, in: Proceedings
INFOCOM, IEEE, pp. 2022–2030, 2013.
[34] Uppal, D., Sinha, R., Mehra, V., Jain, V., “Malware
detection and classification based on extraction of
API sequences”, in Proceedings of International
Conference on Advanced Computer Commun.
Informatics, pp. 2337-2342, 2013.
[35] Salehi, Z., Sami, A., Ghiasi, M., “Using feature
generation from api calls for malware detection”.
Computer Fraud & Security, pp. 9–18 2014.
[36] Joseph Sexton, Curtis Storlie, Blake Anderson,
“Subroutine based detection of APT malware”,
Journal of Computer Virology Hacking Techniques,
pp 1-9, 2015.
[37] Saxe, J., Berlin, K., “Deep neural network based
malware detection using two dimensional binary
program features”. In 10th International Conference
on Malicious and Unwanted Software (MALWARE).
IEEE, pp. 11-20, 2015.
[38] U. Narra, F. Di, T. Visaggio, A. Corrado, T.H.
Austin, M. Stamp, “Clustering versus SVM for
malware detection”, Journal of Computer Virology
Hacking Techniques, pp 213–224, 2016.
[39] Ahmadi, M., Ulyanov, D., Semenov, S., Trofimov,
M., Giacinto, “Novel feature extraction, selection and
fusion for effective malware family classification”, in
proceedings of the Sixth ACM Conference on Data
and Application Security and Privacy, pp. 183–194,
2016.
[40] Kolosnjaji, B., Zarras, A., Webster, G., Eckert, “Deep
learning for classification of malware system call
sequences”, in Lecture Notes of Computer Science
(Including Subseries Lecture Notes in Artificial
Intelligence and Lecture Notes in Bioinformatics), pp.
137-149, 2016.
[41] B.N. Narayanan, O. Djaneye-Boundjou, T.M.
Kebede, “Performance analysis of machine learning
and pattern recognition algorithms for Malware
classification”, in IEEE National Aerospace and
Electronics Conference (NAECON) and Ohio
Innovation Summit (OIS), pp. 338– 342, 2016.
[42] S.D. Nikolopoulos, I. Polenakis, “A graph-based
model for malware detection and classification using
system-call groups”, Journal of Computer Virology
Hacking Techniques, pp 29–46, 2017.
[43] Xu, Z., Ray, S., Subramanyan, P., Malik, “Malware
detection using machine learning based analysis of
virtual memory access patterns”, Design, Automation
& Test in Europe Conference & Exhibition, IEEE, pp.
169–174, 2017.
[44] E. Raff, J. Sylvester, and C. Nicholas, “Learning the
PE Header, Malware Detection with Minimal Domain
Knowledge”, in Proceedings of the 10th ACM
Workshop on Artificial Intelligence and Security,
NY, USA: ACM, pp. 121–132, 2017.
[45] Kotov, V., Wojnowicz, “Towards generic
deobfuscation of windows api calls”, arXiv ,preprint
arXiv:1802.04466, 2018.
[46] Q. Le, O. Boydell, B. Mac, M. Scanlon, “Deep
learning at the shallow end: Malware classification
for non-domain experts”, Digital Investigation, pp
S118–S126,2018.
[47] Nguyen, M.H., Le Nguyen, D., Nguyen, X.M., Quan,
T.T., “Autodetection of sophisticated malware using
lazy-binding control flow graph and deep learning”.
Computer Security, pages 128-155, 2018.
[48] M. Krcal, O. Svec, M. Balek, and O. Jasek, “Deep
Convolutional Malware Classifiers Can Learn from
Raw Executables and Labels Only,” in ICLR
Workshop, 2018.
[49] Ni, S., Qian, Q., Zhang, R., “Malware identification
using visualization images and deep learning”.
Computer Security,2018.
[50] Hemant Rathore, Swati Agarwal, Sanjay K. Sahay
and Mohit Sewak, “Malware Detection using
Machine Learning and Deep Learning ”, International
Conference on Big Data Analytics, Springer, LNCS,
Vol. 11297, pp. 402-411, 2018.
[51] O. Suciu, S. E. Coull, and J. Johns, “Exploring
adversarial examples in malware detection”, in IEEE
Security and Privacy Workshops (SPW), pp 8–14,
2019.
[52] Yuxin, D., Siyi, Z., “Malware detection based on
deep learning algorithm”, Neural Comput. Appl. 31
(2), pp 461–472, Feb 2019.
[53] M. Rabbani, Y.L. Wang, R. Khoshkangini, H.
Jelodar, R. Zhao, P. Hu, “A hybrid machine learning
approach for malicious behaviour detection and
recognition in cloud computing”, Journal of Network
and Computer Applications, 2020.
[54] C. Yucel, A. Koltuksuz, “ Imaging and evaluating the
memory access for malware”, Forensic Science
International Digital Investigation, 2020.
[55] Vasan, D., Alazab, M., Wassan, S., Safaei, B., &
Zheng, Q. (2021). Windows malware detection using
anomaly detection algorithms
[56] Kumar, A. and Singh, B. and Gupta, D. Hybrid
Malware Detection for Android using Static and
Dynamic Analysis with RNN
[57] D. Gibert, A. Smith, and M. Jones. "Enhanced
Malware Detection through Interpretable Deep
Learning and Gradient Boosting." In Proceedings of
the 2023 IEEE Symposium on Security and Privacy
(SP), pp. 123-137, 2023
[58] Tabish, S.M., Shafiq, M.Z., Farooq, “Malware
detection using statistical analysis of bytelevel file
content”, in proceedings of the ACM SIGKDD
Workshop on CyberSecurity and Intelligence
Informatics, pp. 23–31, 2009.
[59] A. K. Verma and S. K. Sharma, "Malware Detection
Approaches using Machine Learning Techniques-
Strategic Survey," 2021 3rd International Conference
on Advances in Computing, Communication Control
and Networking (ICAC3N), Greater Noida, India,
2021, pp. 1958-1962