A Comparison of Static, Dynamic, and Hybrid Analysis for Malware Detection
This work addresses malware detection for cybersecurity, but it is incremental as it compares existing methods without introducing new paradigms.
The research compared static, dynamic, and hybrid analysis techniques for malware detection using Hidden Markov Models on various feature sets, finding that a fully dynamic approach generally achieved the best detection rates.
In this research, we compare malware detection techniques based on static, dynamic, and hybrid analysis. Specifically, we train Hidden Markov Models (HMMs) on both static and dynamic feature sets and compare the resulting detection rates over a substantial number of malware families. We also consider hybrid cases, where dynamic analysis is used in the training phase, with static techniques used in the detection phase, and vice versa. In our experiments, a fully dynamic approach generally yields the best detection rates. We discuss the implications of this research for malware detection based on hybrid techniques.