Detection techniques of common malware features : a systematic review


Bibliographic Details
Main Author: Veini, Tuuli
Affiliation: Faculty of Information Technology (Information Technology), University of Jyväskylä
Format: Master's thesis (pro gradu)
Language: English
Published: 2023
Online Access: https://jyx.jyu.fi/handle/123456789/87338
Abstract (the record gives it in Finnish and in English; the English text follows): Building accurate and robust detectors is essential to keep up with constantly evolving malware. In this thesis, a systematic literature review of detection techniques of common malware features was conducted. Prevalent malware families of recent years were first studied to identify their common features, the most important of which were API calls and communication with a Command and Control server. The systematic review was then conducted based on the discovered features. The final analysis included 33 papers published between 2018 and 2023. All reviewed papers applied behaviour-based detection, and most of them used machine learning in their proposed model. The papers suggested that building detectors that are both accurate and fast is possible with machine learning models, and that feature processing techniques can make detectors resistant to some of the evasive tactics used by malware. The study revealed a lack of research focus on optimizing the use of computational resources and on counteracting sandbox evasion.
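The two technical points of the abstract, API-call sequences as the behavioural feature and feature processing as a defence against an evasive tactic, as an added illustration. This is example code written for this page, not code from the thesis or from any of the 33 reviewed papers. Everything in it is an assumption: the API-call traces and their labels are constructed toy data, the evasion being countered (a long run of harmless calls prepended to a process-injection chain to dilute the feature counts) is a generic padding trick chosen for the demonstration, and a dependency-free multinomial naive Bayes classifier stands in for whatever machine-learning models the reviewed papers used.

```python
"""Behaviour-based classification of API-call traces (added example).

Pipeline: API-call trace -> feature processing (collapse repeated calls)
-> order-preserving bigram features -> multinomial naive Bayes.
All traces below are constructed toy data, not real malware samples.
"""
from collections import Counter, defaultdict
from itertools import groupby
import math

# Constructed, hypothetical traces; labels are by construction.
BENIGN = [
    ["CreateFileW", "ReadFile", "CloseHandle"],
    ["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"],
    ["CreateFileW", "WriteFile", "CloseHandle"],
    ["GetModuleHandleW", "GetProcAddress", "LoadLibraryW"],
]
MALICIOUS = [
    # download-and-execute: C2 contact, drop file, spawn it
    ["InternetOpenW", "InternetConnectW", "HttpSendRequestW", "InternetReadFile",
     "CreateFileW", "WriteFile", "CreateProcessW"],
    # classic remote-thread injection chain
    ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
    ["InternetOpenW", "InternetConnectW", "HttpSendRequestW", "InternetReadFile",
     "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
    # persistence via registry, then C2 beacon
    ["RegOpenKeyExW", "RegSetValueExW", "RegCloseKey", "InternetOpenW",
     "InternetConnectW", "HttpSendRequestW"],
]

# Evasive variant (constructed): 500 harmless calls in front of an injection chain.
PADDED_INJECTION = ["GetTickCount"] * 500 + [
    "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]


def collapse_runs(trace):
    """Feature processing: collapse consecutive repeats of the same call.

    Without this, a sample that pads its behaviour with a long run of one
    harmless call dominates the feature counts; after collapsing, the
    padding contributes a single call.
    """
    return [call for call, _ in groupby(trace)]


def bigrams(seq):
    """Bigram features keep call order, which plain call counts lose."""
    padded = ["<s>"] + list(seq) + ["</s>"]
    return [f"{a}->{b}" for a, b in zip(padded, padded[1:])]


def featurize(trace, collapse=True):
    seq = collapse_runs(trace) if collapse else trace
    return Counter(bigrams(seq))


class NaiveBayes:
    """Multinomial naive Bayes with Laplace smoothing (alpha)."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()               # label -> number of traces
        self.feature_counts = defaultdict(Counter)  # label -> feature -> count
        self.vocab = set()

    def fit(self, samples):
        for trace, label in samples:
            feats = featurize(trace)
            self.class_counts[label] += 1
            self.feature_counts[label].update(feats)
            self.vocab.update(feats)
        return self

    def _log_prob(self, feats, label):
        total = sum(self.class_counts.values())
        lp = math.log(self.class_counts[label] / total)  # log prior
        denom = sum(self.feature_counts[label].values()) + self.alpha * len(self.vocab)
        for f, n in feats.items():
            lp += n * math.log((self.feature_counts[label][f] + self.alpha) / denom)
        return lp

    def predict(self, trace, collapse=True):
        feats = featurize(trace, collapse)
        return max(self.class_counts, key=lambda lbl: self._log_prob(feats, lbl))


def train_demo():
    samples = [(t, "benign") for t in BENIGN] + [(t, "malicious") for t in MALICIOUS]
    return NaiveBayes().fit(samples)


if __name__ == "__main__":
    model = train_demo()
    print(model.predict(["CreateFileW", "ReadFile", "CloseHandle"]))   # benign
    print(model.predict(PADDED_INJECTION))                              # malicious
    print(model.predict(PADDED_INJECTION, collapse=False))              # benign (evaded)
```

The padded trace shows why the processing step matters: with `collapse=False` the 499 unseen `GetTickCount->GetTickCount` bigrams swamp the three injection bigrams and the smoothed model leans to whichever class has the smaller feature mass, so the injection chain is called benign; with the run collapsed, the same chain is recognised. The same idea applies to other count-based features the reviewed papers use, and it is only one of several padding and noise tactics, so treat it as a defence against a specific evasion rather than a general one.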
Record Details
Advisor: Hämäläinen, Timo
Type: Master's thesis (pro gradu -tutkielma), 86 pages
Discipline: Mathematical Information Technology (Tietotekniikka), subject code 602
Subjects: malware detection; machine learning; malware; antivirus software
Rights: In Copyright, © The Author(s) (https://rightsstatements.org/page/InC/1.0/); open access
Identifiers: URN:NBN:fi:jyu-202305313394; http://www.urn.fi/URN:NBN:fi:jyu-202305313394; https://jyx.jyu.fi/handle/123456789/87338
Full text (PDF): https://jyx.jyu.fi/bitstreams/178d9cfd-5250-4c68-9f44-6844b5ec4087/download
Deposited in JYX: 2023-05-31
Record source: jyx (last indexed 2025-02-18)