A Survey on Automated Dynamic Malware-Analysis Techniques and Tools

MANUEL EGELE, Vienna University of Technology
THEODOOR SCHOLTE, SAP Research, Sophia Antipolis
ENGIN KIRDA, Institute Eurecom, Sophia Antipolis
CHRISTOPHER KRUEGEL, University of California, Santa Barbara

Abstract

Anti-virus vendors are confronted with a multitude of potentially malicious samples today. Receiving thousands of new samples every day is not uncommon. The signatures that detect confirmed malicious threats are mainly still created manually, so it is important to discriminate between samples that pose a new unknown threat and those that are mere variants of known malware. This survey article provides an overview of techniques based on dynamic analysis that are used to analyze potentially malicious samples. It also covers analysis programs that employ these techniques to assist human analysts in assessing, in a timely and appropriate manner, whether a given sample deserves closer manual inspection due to its unknown malicious behavior.

Categories and Subject Descriptors: K.6.5 [Management of Computing and Information Systems]: Security and Protection

General Terms: Security

Additional Key Words and Phrases: Dynamic analysis, malware

ACM Reference Format: Egele, M., Scholte, T., Kirda, E., and Kruegel, C. 2012. A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44, 2, Article 6 (February 2012), 42 pages. DOI = 10.1145/2089125.2089126 http://doi.acm.org/10.1145/2089125.2089126

1. INTRODUCTION

The Internet has become an essential part of daily life as more and more people use services that are offered on the Internet. The Internet has evolved from a basic communication network to an interconnected set of information sources, enabling new forms of (social) interactions and marketplaces for the sale of products and services, among other things.