{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:20:46Z","timestamp":1759134046830},"reference-count":27,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,7]]},"abstract":"<jats:p>Advanced malware continues to be a challenge in the digital world that signature-based detection techniques fail to conquer. Malware uses many anti-detection techniques to mutate. Thus no virus scanner can claim complete malware detection, even for known malware. Static and dynamic analysis techniques focus on different kinds of malware, such as evasive or metamorphic malware. This paper proposes a comprehensive approach that combines static checking and dynamic analysis for malware detection. Static analysis is used to check specific code characteristics. Dynamic analysis is used to analyze the runtime behavior of malware. The authors propose a framework for the automated analysis of an executable's behavior using text mining. Text mining of dynamic attributes identifies the important features for classifying the executable as benign or malware. 
The synergistic combination proposed in this paper allows detection of not only known variants of malware but even the obfuscated, packed and unknown malware variants and malware evasive to dynamic analysis.<\/jats:p>","DOI":"10.4018\/ijisp.2017070103","type":"journal-article","created":{"date-parts":[[2017,5,3]],"date-time":"2017-05-03T15:26:44Z","timestamp":1493825204000},"page":"29-41","source":"Crossref","is-referenced-by-count":12,"title":["Malware Detection by Static Checking and Dynamic Analysis of Executables"],"prefix":"10.4018","volume":"11","author":[{"given":"Deepti","family":"Vidyarthi","sequence":"first","affiliation":[{"name":"Defence Institute of Advanced Technology, Pune, India"}]},{"given":"S.P.","family":"Choudhary","sequence":"additional","affiliation":[{"name":"Defence Institute of Advanced Technology, Pune, India"}]},{"given":"Subrata","family":"Rakshit","sequence":"additional","affiliation":[{"name":"Center of Artificial Intelligence & Robotics, Bangalore, India"}]},{"given":"C.R.S.","family":"Kumar","sequence":"additional","affiliation":[{"name":"Defence Institute of Advanced Technology, Pune, India"}]}],"member":"2432","reference":[{"key":"IJISP.2017070103-0","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-011-0152-x"},{"key":"IJISP.2017070103-1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-006-0012-2"},{"key":"IJISP.2017070103-2","unstructured":"Bellard, F. (2005). QEMU \u2013 A Fast and Portable Dynamic Translator. Proceedings of the FREENIX Track of the USENIX Annual Technical Conference."},{"key":"IJISP.2017070103-3","unstructured":"Buehlmann, S., & Liebchen, C. (2010). Joebox: A Secure Sandbox Application for Windows to Analyse the Behaviour of Malware. Retrieved from http:\/\/www.joebox.org\/"},{"key":"IJISP.2017070103-4","first-page":"265","article-title":"A Simple Method for Detection of Metamorphic Malware using Dynamic Analysis and Text Mining. Procedia","volume":"54","author":"S. 
P.Choudhary","year":"2015","journal-title":"Computer Science"},{"key":"IJISP.2017070103-5","doi-asserted-by":"crossref","unstructured":"Das, S., Liu, Y., Zhang, W., & Chandramohan, M. (2016). Semantics-Based Online Malware Detection: Towards Efficient Real-Time Protection against Malware. IEEE Transactions on Information Forensics and Security, 11(2), 289-302.","DOI":"10.1109\/TIFS.2015.2491300"},{"key":"IJISP.2017070103-6","doi-asserted-by":"publisher","DOI":"10.1109\/ICWAMTIP.2012.6413482"},{"key":"IJISP.2017070103-7","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"IJISP.2017070103-8","doi-asserted-by":"crossref","unstructured":"Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., & Kirda, E. (2010, October 4\u20138). Access Miner: Using System Centric Models for Malware Protection. Proceedings of CCS\u201910, Chicago, Illinois, USA.","DOI":"10.1145\/1866307.1866353"},{"key":"IJISP.2017070103-9","unstructured":"Lee, T., & Mody, J. J. (2006). Behavioral Classification. Proceedings of the European Institute for Computer Antivirus Research Conference (EICAR)."},{"key":"IJISP.2017070103-10","doi-asserted-by":"crossref","unstructured":"Mas'ud., Zaki, M., Sahib, S., Abdollah, M. F., Selamat, S. R., & Yusof, R. (2014). Analysis of Features Selection and Machine Learning Classifier in Android Malware Detection. Proceedings of the International Conference on Information Science & Applications (ICISA).","DOI":"10.1109\/ICISA.2014.6847364"},{"key":"IJISP.2017070103-11","unstructured":"McAfee Labs. (2016). Threats Report March 2016. Retrieved from http:\/\/www.mcafee.com\/in\/resources\/reports\/rp-quarterly-threats-mar-2016.pdf"},{"key":"IJISP.2017070103-12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"IJISP.2017070103-13","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"IJISP.2017070103-14","unstructured":"Mourad, H. (2015). Sleeping your way out of the sandbox. 
Retrieved from https:\/\/www.sans.org\/reading-room\/whitepapers\/malicious\/sleeping-sandbox-35797"},{"key":"IJISP.2017070103-15","unstructured":"Norman Sandbox. (2015, Feb 13). Norman SandBox Whitepaper. Retrieved from http:\/\/download.norman.no\/whitepapers\/whitepaper Norman SandBox.pdf"},{"key":"IJISP.2017070103-16","unstructured":"Process Monitor. (2016). Retrieved from https:\/\/technet.microsoft.com\/en-us\/sysinternals"},{"key":"IJISP.2017070103-17","unstructured":"QuickHeal Quarterly Threat Report Q1-2016, (2016). Retrieved from http:\/\/dlupdate.quickheal.com\/documents\/others\/quick_heal_quarterly_threat_report_q1_2016.pdf"},{"key":"IJISP.2017070103-18","doi-asserted-by":"crossref","unstructured":"Rieck, K., Holz, T., Willems, C., Dussel, P., & Laskov, P. (2008). Learning and Classification of Malware Behavior. Proceedings of the 5th International Conference (DIMVA) Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 108\u2013125).","DOI":"10.1007\/978-3-540-70542-0_6"},{"key":"IJISP.2017070103-19","unstructured":"Sathyanarayanan, V. S., Kohli, P., & Bruhadeshwar, B. (2008). Signature Generation and Detection of Malware Families. Proceedings of the 13th Australasian Conference on Information Security and Privacy ACISP \u201808."},{"key":"IJISP.2017070103-20","doi-asserted-by":"crossref","unstructured":"Shafiq, M., Zubair, S., Tabish, M., Mirza, F., & Farooq, M. (2009). Pe-miner: Mining structural information to detect malicious executables in realtime. In Recent advances in intrusion detection (pp. 121-141). Berlin: Springer.","DOI":"10.1007\/978-3-642-04342-0_7"},{"key":"IJISP.2017070103-21","unstructured":"VirtualBox 5.0.26. (2016). Retrieved from https:\/\/www.virtualbox.org\/wiki\/Downloads\/"},{"key":"IJISP.2017070103-22","unstructured":"VXHeaven.org. (2015). Malware samples. 
Retrieved from http:\/\/vxheaven.org\/http:\/\/oc.gtisc.gatech.edu:8080\/search.cgi?search=root"},{"key":"IJISP.2017070103-23","unstructured":"Wang, X., Yu, W., Champion, A., Fu, X., & Xuan, D. (2007). Detecting Worms via Mining Dynamic Program Execution. Proceedings of Third International Conference on Security and Privacy in Communication Networks and the Workshops, SecureComm (pp. 412-421)."},{"key":"IJISP.2017070103-24","unstructured":"Weka 3. (2016). Data Mining with Open Source Machine Learning Software in Java. Retrieved from www.cs.waikato.ac.nz"},{"key":"IJISP.2017070103-25","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"IJISP.2017070103-26","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=181546","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T08:03:37Z","timestamp":1651824217000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJISP.2017070103"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2017,7]]},"references-count":27,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/ijisp.2017070103","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"value":"1930-1650","type":"print"},{"value":"1930-1669","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,7]]}}}