
A Theoretical Feature-wise Study of Malware Detection Techniques

Om Prakash Samantray, Satya Narayana Tripathy, Susant Kumar Das

Section: Survey Paper, Product Type: Journal Paper
Volume-6 , Issue-12 , Page no. 879-887, Dec-2018

CrossRef-DOI:   https://doi.org/10.26438/ijcse/v6i12.879887

Online published on Dec 31, 2018

Copyright © Om Prakash Samantray, Satya Narayana Tripathy, Susant Kumar Das. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.



IEEE Style Citation: Om Prakash Samantray, Satya Narayana Tripathy, Susant Kumar Das, “A Theoretical Feature-wise Study of Malware Detection Techniques,” International Journal of Computer Sciences and Engineering, Vol.6, Issue.12, pp.879-887, 2018.



Abstract

Malware is short for malicious software, and it has become a major threat in today's computing world. The threat grows faster as the use of the Internet in our day-to-day activities expands. The number of malware authors and of websites distributing malware is rising at an alarming rate, which draws researchers and developers toward building better security solutions. Developing an efficient malware detection technique is still an open research problem. Understanding malware, the features of malware, analysis methods and detection techniques is a prerequisite for malware research. In this paper, we have studied a selection of past research works that use API calls, n-grams and opcodes as features for malware detection. The fundamental concepts of malware detection are also presented in detail. The use of data mining algorithms in malware detection, and the different types of malware detection and analysis methods together with their pros and cons, are presented as well. The aim of this paper is to provide the prerequisite knowledge for malware research and the concepts behind malware detection techniques.
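The feature families named in the abstract (opcode sequences, API call sequences, n-grams) all reduce to the same representation: a count vector of contiguous n-grams over a token sequence, which a data-mining classifier then consumes. The following is an added example, not code from the paper or its surveyed works; the opcode traces are constructed, and the nearest-centroid cosine classifier is a deliberately simple stand-in for the learning algorithms the survey discusses.

```python
from collections import Counter
from math import sqrt

# Constructed training traces (not from the paper): opcode mnemonics as a
# disassembler would emit them. Tokens can equally be API call names taken
# from a sandbox trace; the pipeline below does not care what they denote.
MALICIOUS = [
    "push mov xor jmp call mov xor jmp call ret".split(),
    "mov xor jmp call xor jmp push call ret".split(),
]
BENIGN = [
    "push mov mov call add mov call pop ret".split(),
    "push mov add mov call mov pop ret".split(),
]

def ngrams(seq, n):
    """Count every contiguous n-gram (as a tuple) in a token sequence."""
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))

def build_vocabulary(sequences, n):
    """Fixed, ordered n-gram vocabulary: its order defines the vector index."""
    vocab = set()
    for s in sequences:
        vocab.update(ngrams(s, n))
    return sorted(vocab)

def vectorize(seq, n, vocab):
    """Project a sequence onto the vocabulary; unseen n-grams are dropped."""
    counts = ngrams(seq, n)
    return [counts[g] for g in vocab]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = sqrt(sum(x * x for x in a)), sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

def centroid(vectors):
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def train(n=2):
    """Return (vocab, {label: centroid}) learned from the constructed traces."""
    vocab = build_vocabulary(MALICIOUS + BENIGN, n)
    centroids = {
        "malicious": centroid([vectorize(s, n, vocab) for s in MALICIOUS]),
        "benign": centroid([vectorize(s, n, vocab) for s in BENIGN]),
    }
    return vocab, centroids

def classify(seq, vocab, centroids, n=2):
    """Label of the centroid with the highest cosine similarity to seq."""
    v = vectorize(seq, n, vocab)
    return max(centroids, key=lambda label: cosine(v, centroids[label]))
```

A zero vector (no vocabulary n-gram present) yields cosine 0.0 for every class, so in practice such samples should be routed to manual review rather than trusted to `max`.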

Key-Words / Index Term

Malware detection, API call Sequence, Malware feature, Opcode sequence, n-grams, Data mining
