5 research outputs found

    A Survey on Malware Analysis Techniques: Static, Dynamic, Hybrid and Memory Analysis

    Nowadays the threat of malware is increasing rapidly. Malware is software that sneaks into your computer system without your knowledge with the harmful intent of disrupting your computer operations. Due to the vast number of malware samples, it is impossible for human engineers to handle malware manually. Therefore, security researchers are making great efforts to develop accurate and effective techniques to detect malware. This paper presents a semantic and detailed survey of methods used for malware detection, such as signature-based and heuristic-based detection. The signature-based technique, which is largely used today by anti-virus software to detect malware, is fast and capable of detecting known malware. However, it is not effective in detecting zero-day malware, and it is easily defeated by malware that uses obfuscation techniques. Likewise, a considerable false positive rate and a high amount of scanning time are the main limitations of heuristic-based techniques. Alternatively, memory analysis is a promising technique that gives a comprehensive view of malware, and it is expected to become more popular in malware analysis. The main contributions of this paper are: (1) providing an overview of malware types and malware detection approaches, (2) discussing the current malware analysis techniques, their findings and limitations, (3) studying malware obfuscation, attacking and anti-analysis techniques, and (4) exploring the structure of memory-based analysis in malware detection. The detection approaches have been compared with each other according to their techniques, selected features, accuracy rates, and their advantages and disadvantages. This paper aims to help researchers gain a general view of the malware detection field and to discuss the importance of memory-based analysis in malware detection.

    Gait Recognition based on Inverse Fast Fourier Transform Gaussian and Enhancement Histogram Oriented of Gradient

    Gait recognition using the energy image representation of the average silhouette image in one complete cycle has become a baseline in model-free approaches research. Nevertheless, gait is sensitive to any changes. To date, in the area of feature extraction, image feature representation methods based on the spatial gradient are still lacking in efficiency, especially for covariate cases like carrying a bag and wearing a coat. Although the use of the Histogram of Oriented Gradient (HOG) in pedestrian detection is the most effective method, its accuracy is still considered low after testing on a covariate dataset. Thus, this research proposed a combination of frequency and spatial features based on the Inverse Fast Fourier Transform and Histogram of Oriented Gradient (IFFTG-HoG) for gait recognition. It consists of three phases, namely the image processing phase, the feature extraction phase producing a new image representation, and the classification phase. The first phase comprises the image binarization process and energy image generation using the gait average image in one cycle. In the second phase, the IFFTG-HoG method is used for gait feature extraction after generating the energy image. Here, the IFFTG-HoG method has also been improved by using the Chebyshev distance to calculate the magnitude of the gradient to increase the recognition accuracy rate. Lastly, a K-Nearest Neighbour (k-NN) classifier with K=1 is employed for individual classification in the third phase. A total of 124 people from the CASIA B dataset were tested using the proposed IFFTG-HoG method. It performed better in gait individual classification, with average accuracy values for the standard dataset of 96.7%, 93.1% and 99.6%, compared to the HoG method with 94.1%, 85.9% and 96.2%, respectively. With similar motivation, we tested on the Rempit dataset to recognize motorcycle rider anomaly events, and our proposed method also outperforms the Dalal method.

    HYBRID AND HOLISTIC APPROACHES FOR TRACKING AND ANALYSIS OF COMPUTER MEMORY

    This research focused on Computer Forensics with the aim of capturing as many objects as possible from the computer memory (RAM) image. In the past, the Digital Forensic Analyst only stressed the analysis of non-volatile drives such as hard drives, USB thumb drives and CDs. Although these devices provide the platform to find evidence in the computer equipment, they provide limited information, especially in cases where the computer is being used for criminal purposes. Moreover, the past works on computer memory only applied to malware analysis, such as studying its behavior and capturing the virus signature. Nevertheless, with the improvement and advancement in computer technology and the introduction of Cloud Computing, computer memory has become the principal focus in obtaining information, since all the data is stored there before being processed by the CPU.
    An Analysis of the KDD99 and UNSW-NB15 Datasets for the Intrusion Detection System

    The significant increase in technology development over the internet makes network security a crucial issue. An intrusion detection system (IDS) shall be introduced to protect networks from various attacks. Even with the increased amount of work in IDS research, there is a lack of studies that analyze the available IDS datasets. Therefore, this study presents a comprehensive analysis of the relevance of the features in the KDD99 and UNSW-NB15 datasets. Three methods were employed: rough-set theory (RST), a back-propagation neural network (BPNN), and a discrete variant of the cuttlefish algorithm (D-CFA). First, the dependency ratio between the features and the classes was calculated using the RST. Second, each feature in the datasets became an input for the BPNN, to measure its ability for a classification task concerning each class. Third, a feature-selection process was carried out over multiple runs, to indicate the frequency of the selection of each feature. The results indicated that some features in the KDD99 dataset could be used to achieve a classification accuracy above 84%. Moreover, a few features in both datasets were found to give a high contribution to increasing the classification performance. These features were present in a combination of features that resulted in high accuracy; the features were also frequently selected during the feature selection process. The findings of this study are anticipated to help cybersecurity academics in creating a lightweight and accurate IDS model with a smaller number of features for developing technologies.