A Mathematical Model of HMST Model on Malware Static Analysis

Abstract

Malware is a malicious software that can contaminate communication devices, where information can be lost, encrypting or deleting the sensitive data, altering or hijacking core computing activities and monitoring a user's computer activity without proper authorization. Analyzing the behavior of any new type of malware, that threatens the security of information is the challenging task. Previous studies and research has used static and dynamic based analysis. Althrough there are various methods to analysis the behaviour of the malware, the innovation of new technology lead to undesirable growth of malware. A procedure to analyze the characteristics and its nature is the need of the day. To mitigate this issue, malware specific procedures need to be evolved by analysing its behaviour. In this article, the authors present a heuristic-based malware static analysis testing (HMST) through a six step process including hash verification, PE structure analysis, packer signature analysis, entropy analysis, antivirus check and string analysis. Heuristic-based malware static analysis (MSA) depends on the six characterstics. The six characteristics sequence is quantified mathematially. Hash verification is presented as a dynamic function, PE structure analysis (PESA) as the functional string, Packer Signature (PS) by functional boundedness, Entropy Analysis (EA) with probability, antivirus check (AC) of the discrete lagorthm-bit representation and string analysis (SA) lies with the comutational complexity. Hence, an optimized string is proposed for transmitting securely. CFF Explorer, BinText, PeID, DIE and VirusTotal are used for analyzing the behavior of the samples in this study.