Thursday, July 25, 2019

Investigating Dynamic Malware Analysis tool Research Proposal

Signature-based detection is susceptible to evasion. Since the pattern or signature is obtained from known malware, this detection technique is easily evaded by obfuscating a program, for example through junk insertion and packing (Mishra, 2010). Even simple obfuscation such as code re-ordering and inserting no-ops can create a variant of malware able to evade signature-based detectors. This technique is also unable to detect unknown malware. The signatures are built by close observation of known malware, hence signature-based detection is only able to detect "known malware." At times, signature-based detection fails to pick up a variant of an already known malware. In this respect, signature-based detection offers minimal zero-day protection (Venugopal & Hu, 2008). In addition, the signature database grows exponentially since the detector uses a specific signature for every variant of malware.

Heuristic scanning bears a close resemblance to signature scanning, the only difference being that, instead of checking for particular signatures, heuristic scanning checks for certain commands or instructions within a program which are not typically found in application programs (Aycock, 2006). The heuristic engine is ultimately better placed to sense potentially malicious functionality in new, previously unexamined malware, such as a virus replication mechanism, the payload of a Trojan or a worm distribution routine. Generic virus protection renders all other malware scanners obsolete and offers sufficient protection to stop any malware. The user is saved from weekly software updates since the software is able to detect all malware. Although heuristic malware checking offers tremendous benefits, today this technology is not adequate. Virus writers are able to come up with viruses that disregard the
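The point above about no-op insertion defeating an exact signature, as an added example that is not part of the original essay: a byte-for-byte scan misses a padded variant, while a matcher that skips no-op bytes covers both with one signature. The signature, the three buffers and the function names are constructed for illustration and stand in for no real malware or antivirus engine.

```python
NOP = 0x90  # x86 single-byte no-op

# Constructed signature: arbitrary bytes standing in for a pattern that an
# analyst extracted from a known sample.
SIGNATURE = bytes.fromhex("deadbeef0badf00dcafe")

# Constructed buffers: the known sample, a variant of it with no-ops inserted
# between parts of the pattern, and an unrelated clean buffer.
ORIGINAL = bytes.fromhex("5589e5" + "deadbeef0badf00dcafe" + "c3")
VARIANT = bytes.fromhex("5589e5" + "dead90beef900bad90f00d90cafe" + "c3")
CLEAN = bytes.fromhex("0011223344909090556677")


def exact_match(data: bytes, sig: bytes = SIGNATURE) -> bool:
    """Classic signature scan: the pattern must appear byte for byte."""
    return sig in data


def nop_tolerant_match(data: bytes, sig: bytes = SIGNATURE) -> bool:
    """Match sig in data while allowing NOP bytes between signature bytes.

    Simplification: this works on raw bytes. A real engine would normalise
    at the instruction level, because 0x90 can also occur as an operand.
    """
    for start in range(len(data)):
        i, j = start, 0
        while i < len(data) and j < len(sig):
            if data[i] == sig[j]:
                i += 1
                j += 1
            elif data[i] == NOP and j > 0:
                i += 1  # skip padding inside a partially matched pattern
            else:
                break
        if j == len(sig):
            return True
    return False


def scan(data: bytes) -> dict:
    """Run both matchers over one buffer and report each verdict."""
    return {"exact": exact_match(data), "nop_tolerant": nop_tolerant_match(data)}


if __name__ == "__main__":
    for name, buf in (("original", ORIGINAL), ("variant", VARIANT), ("clean", CLEAN)):
        print(name, scan(buf))
```

With exact matching, the variant would need its own database entry, which is the signature-database growth the essay describes.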
