A Study of Malware Analysis and Malware Detection Methods in Cyber-Security

Karan Chawla

Abstract: Any programme or file that purposefully hurts a computer, network, or server is known as malware, or malicious software. These harmful programmes steal, encrypt, and destroy private information. To detect malware, antivirus software often relies on a signature-based approach. To transmit malware that infects devices and networks, malware developers employ a range of physical and virtual methods. On the other hand, the behavior-based approach makes use of suspicious files that are run in a controlled setting, observed, and classified as hazardous if their behaviors resemble known malware. Behavior-based analysis may be used to detect new malware and malware that use obfuscation techniques; however it is time-consuming and has a high false positive rate. The memory-based approach is an option that is now gaining favor in malware detection due to the volume of data disclosed in the memory dump that may be used to investigate dangerous activities. Future malware is predicted to be more sophisticated. Attackers may utilize cutting-edge encryption or obfuscation technologies to render malware detection and analysis nearly difficult. Anti-virus programmes often detect malware by looking for well-known signatures. Unfortunately, a simple obfuscation technique may be used to readily avoid this method. Both static and dynamic assessments have significant drawbacks. As an alternative, malware may be thoroughly analyzed via memory analysis. Malware has a strong ability to conceal its code within the computer system. To finally carry out its operations, malware must, however, run its code in memory. This review paper analyses three different methodologies for malware analysis, namely, static, dynamic and memory analyses.

Keywords: Encryption, Malware, Signature, Computer Network, Behavior-Based Analysis, Memory Analysis, Dynamic Analyses