A Comparison of Static, Dynamic, and Hybrid Analysis for Malware Detection
Anusha Damodaran, Fabio Di Troia, Visaggio Aaron Corrado, Thomas H. Austin, and Mark Stamp

TL;DR
This paper compares static, dynamic, and hybrid malware detection methods using Hidden Markov Models, finding that fully dynamic approaches generally achieve the highest detection rates across many malware families.
Contribution
It provides a comprehensive comparison of static, dynamic, and hybrid malware detection techniques using HMMs, highlighting the effectiveness of dynamic analysis.
Findings
Dynamic analysis yields higher detection rates.
Hybrid methods show potential but are less effective than fully dynamic approaches.
The study covers a wide range of malware families.
Abstract
In this research, we compare malware detection techniques based on static, dynamic, and hybrid analysis. Specifically, we train Hidden Markov Models (HMMs) on both static and dynamic feature sets and compare the resulting detection rates over a substantial number of malware families. We also consider hybrid cases, where dynamic analysis is used in the training phase and static techniques are used in the detection phase, and vice versa. In our experiments, a fully dynamic approach generally yields the best detection rates. We discuss the implications of this research for malware detection based on hybrid techniques.
