Yajin Zhou,Xuxian Jiang

DOI: https://doi.org/10.1109/sp.2012.16

2012-01-01

Abstract:The popularity and adoption of smart phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples. In this paper, we focus on the Android platform and aim to systematize or characterize existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads. The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2% in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.

Sharfah Ratibah Tuan Mat,Mohd Faizal Ab Razak,Mohd Nizam Mohmad Kahar,Juliza Mohamad Arif,Salwana Mohamad,Ahmad Firdaus

DOI: https://doi.org/10.1007/s11192-020-03834-6

IF: 3.801

Scientometrics

Abstract:Malware is a blanket term for Trojan, viruses, spyware, worms, and other files that are purposely created to harm computers, mobile devices, or computer networks. Malware commonly steals, encrypts, damages, and causes a mess in these devices. The growth of malware attacks has a consequence on the growth and attractiveness of mobile features in mobile devices. Most malware research aims to probe the different methods of preventing, analysing, and detecting malware attacks. This paper aims to demonstrate an exhaustive knowledge map of the Android malware by collecting a ten (10) year dataset from the Web of Science database. A bibliometric analysis was employed for analysing articles published between 2010 and 2019. Using the keyword "malware", 5622 articles were retrieved. After scrutinising with the keywords of "Android malware", 1278 articles were then collected. This study provides an overview of the articles, productivity, research area, the Web of Science categories, authors, high-cited articles, institutions, and impact journals examining malware. Research activities are continued by placing terms in the classification of malware detection systems that outline important areas in malware research. From the analysis, it can be concluded that the highest number of publications focusing on malware studies came from the continent of Asia. Additionally, this study discusses the challenges of malware studies in the recent research studies as well as the future direction.

Pushpam Devanand Nagdeve,Sharad Jadhav

DOI: https://doi.org/10.46610/joaat.2022.v07i01.001

2022-02-28

Journal of Android and IOS Applications and Testing

Abstract:Malware is suspicious software that nobody wants. It poses threats to the security of the networked system and is also designed to harm services or devices. They are designed to damage any data or to extract data so that cybercriminals can leverage over victims, which is advancing rapidly, states a big challenge for researchers. In this literature review, we did the manual research on the publications. The motive is to look at the available literary works on malware detection and determine how the investigation evolved and progressed based on quantity, content, and publication potential. Described the problems and challenges faced in analyzing malware and identifying system requirements. The goal of this study is to review and examine the literature on malware analysis and analyze how the study of malware has evolved from time to time. In terms of quality and publication outlets, malware has progressed as time goes on and so it becomes complex and later time, it can be difficult to understand its every detail and composition. Enlightening people about what the term malware is about and the variety of anti-evaluation techniques that can be used to thwart forensic evaluations and lessons through the post-investigation results on how to avoid malware analysis.

Rajvardhan Patil,Wei Deng

DOI: https://doi.org/10.1109/southeastcon44009.2020.9368268

2020-01-01

Abstract:In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.

Reginald D. Smith

DOI: https://doi.org/10.48550/arXiv.1410.8082

2014-09-25

Abstract:The development and evolution of malware including computer viruses, worms, and trojan horses, is shown to be closely analogous to the process of community succession long recognized in ecology. In particular, both changes in the overall environment by external disturbances, as well as, feedback effects from malware competition and antivirus coevolution have driven community succession and the development of different types of malware with varying modes of transmission and adaptability.

Cryptography and Security,Populations and Evolution

Pascal Maniriho,Abdun Naser Mahmood,Mohammad Jabed Morshed Chowdhury

DOI: https://doi.org/10.1016/j.future.2021.11.030

IF: 7.307

2022-05-01

Future Generation Computer Systems

Abstract:There has been an increasing trend of malware release, which raises the alarm for security professionals worldwide. It is often challenging to stay on top of different types of malware and their detection techniques, which are essential, particularly for researchers and the security community. Analysing malware to get insights into what it intends to perform on the victim’s system is one of the crucial steps towards malware detection. Malware analysis can be performed through static analysis, code analysis, dynamic analysis, memory analysis and hybrid analysis techniques. The next step to malware analysis is the detection model’s design using malware’s extracted patterns from the analysis. Machine learning and deep learning methods have drawn attention to researchers, owing to their ability to implement sophisticated malware detection models that can deal with known and unknown malicious activities. Therefore, this survey presents a comprehensive study and analysis of current malware and detection techniques using the snowball approach. It presents a comprehensive study on malware analysis testbeds, dynamic malware analysis and memory analysis, the taxonomy of malware behaviour analysis tools, datasets repositories, feature selection, machine learning and deep learning techniques. Moreover, comparisons of behaviour-based malware detection techniques have been grouped by categories of machine learning and deep learning techniques. This study also looks at various performance evaluation metrics, current research challenges in this area and possible future direction of research.

Habiba Habib,Insha Rafique

DOI: https://doi.org/10.69591/jcai.v1i1.18

2023-05-23

Abstract:Modern malware is very smart and designed to attack the target. Most of these sophisticated malwares are quite persistent and have escape mechanisms. Software that is malicious is bad. Researchers in both academia and industry face significant hurdles as a result of this malware's ability to harm computers without the knowledge of their owners. Given that harmful software refers to any software that exploits computer-based systems with malware in order to compromise data security, privacy, and availability, the aim of this study is to examine the literature that has been produced on malware attacks. This will allow us to carry out an analysis of the literature and see how the research has progressed in terms of quantity, content and means of publication. One cannot understand all aspects of most malware programs as they are so large and sophisticated. The correct implementation and use of anti-malware programs, as well as the education of Internet users about malware attacks, are crucial steps in defending the identity of online shoppers from malware attacks. Some of the shortcomings of screening approaches that need to be corrected for better screening were noted in critical appraisal of the study.

Daniele Ucci,Leonardo Aniello,Roberto Baldoni

DOI: https://doi.org/10.1016/j.cose.2018.11.001

2019-03-01

Abstract:Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the most common approaches in literature is using machine learning techniques, to automatically learn models and patterns behind such complexity, and to develop technologies to keep pace with malware evolution. This survey aims at providing an overview on the way machine learning has been used so far in the context of malware analysis in Windows environments, i.e. for the analysis of Portable Executables. We systematize surveyed papers according to their objectives (i.e., the expected output), what information about malware they specifically use (i.e., the features), and what machine learning techniques they employ (i.e., what algorithm is used to process the input and produce the output). We also outline a number of issues and challenges, including those concerning the used datasets, and identify the main current topical trends and how to possibly advance them. In particular, we introduce the novel concept of malware analysis economics, regarding the study of existing trade-offs among key metrics, such as analysis accuracy and economical costs.

computer science, information systems

Lolitha Sresta Tupadha,Mark Stamp

DOI: https://doi.org/10.48550/arXiv.2107.01627

2021-07-04

Abstract:Malware evolves over time and antivirus must adapt to such evolution. Hence, it is critical to detect those points in time where malware has evolved so that appropriate countermeasures can be undertaken. In this research, we perform a variety of experiments on a significant number of malware families to determine when malware evolution is likely to have occurred. All of the evolution detection techniques that we consider are based on machine learning and can be fully automated -- in particular, no reverse engineering or other labor-intensive manual analysis is required. Specifically, we consider analysis based on hidden Markov models (HMM) and the word embedding techniques HMM2Vec and Word2Vec.

Cryptography and Security,Machine Learning

Sajedul Talukder

DOI: https://doi.org/10.48550/arXiv.2002.06819

2020-07-01

Abstract:One of the major and serious threats that the Internet faces today is the vast amounts of data and files which need to be evaluated for potential malicious intent. Malicious software, often referred to as a malware that are designed by attackers are polymorphic and metamorphic in nature which have the capability to change their code as they spread. Moreover, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses which typically use signature based techniques and are unable to detect the previously unknown malicious executables. The variants of malware families share typical behavioral patterns reflecting their origin and purpose. The behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknown malware into their known families using machine learning techniques. This survey paper provides an overview of techniques and tools for detecting and analyzing the malware.

Cryptography and Security

Emanuele Cozzi,Mariano Graziano,Yanick Fratantonio,Davide Balzarotti

DOI: https://doi.org/10.1109/sp.2018.00054

2018-05-01

Abstract:For the past two decades, the security community has been fighting malicious programs for Windows-based operating systems. However, the recent surge in adoption of embedded devices and the IoT revolution are rapidly changing the malware landscape. Embedded devices are profoundly different than traditional personal computers. In fact, while personal computers run predominantly on x86-flavored architectures, embedded systems rely on a variety of different architectures. In turn, this aspect causes a large number of these systems to run some variants of the Linux operating system, pushing malicious actors to give birth to “Linux malware.” To the best of our knowledge, there is currently no comprehensive study attempting to characterize, analyze, and understand Linux malware. The majority of resources on the topic are available as sparse reports often published as blog posts, while the few systematic studies focused on the analysis of specific families of malware (e.g., the Mirai botnet) mainly by looking at their network-level behavior, thus leaving the main challenges of analyzing Linux malware unaddressed. This work constitutes the first step towards filling this gap. After a systematic exploration of the challenges involved in the process, we present the design and implementation details of the first malware analysis pipeline specifically tailored for Linux malware. We then present the results of the first large-scale measurement study conducted on 10,548 malware samples (collected over a time frame of one year) documenting detailed statistics and insights that can help directing future work in the area.

Sundar Krishnan

DOI: https://doi.org/10.48550/arXiv.2002.11805

2020-02-27

Abstract:Despite defensive advances in the Internet realm, Malware (malicious software) remains a Cybersecurity threat. These days, Malware can be purchased and licensed on the Internet to further customize and deploy. With hundreds of Malware variants discovered every day, organizations and users experience enormous financial losses as cybercriminals steal financial and user data. In this article surveys the human characteristics that are key to the defense chain against Malware. The article starts with the attack models/vectors that humans often fall prey to and their fallouts. Next, analysis of their root cause and suggest preventive measures that may be employed is detailed. The article concludes that while Internet user education, training, awareness can reduce the chances of Malware attacks,it cannot entirely eliminate them.

Cryptography and Security

Alejandro Calleja,Juan Tapiador,Juan Caballero

DOI: https://doi.org/10.1109/tifs.2018.2885512

IF: 7.231

2019-12-01

IEEE Transactions on Information Forensics and Security

Abstract:During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today’s cyberattacks and has consolidated as a commodity in the underground economy. In this paper, we analyze the evolution of malware from 1975 to date from a software engineering perspective. We analyze the source code of 456 samples from 428 unique families and obtain measures of their size, code quality, and estimates of the development costs (effort, time, and number of people). Our results suggest an exponential increment of nearly one order of magnitude per decade in aspects such as size and estimated effort, with code quality metrics similar to those of benign software. We also study the extent to which code reuse is present in our dataset. We detect a significant number of code clones across malware families and report which features and functionalities are more commonly shared. Overall, our results support claims about the increasing complexity of malware and its production progressively becoming an industry.

computer science, theory & methods,engineering, electrical & electronic

Darius Moldovan,Simona Riurean

DOI: https://doi.org/10.33847/2686-8296.4.2_1

2022-12-28

Journal of Digital Science

Abstract:The internet has become more or less, for most of us a dangerous place to live, work and relax when no proper measures are taken, and the response to incidents is not very clear and well implemented, both for organizations and individuals. This paper makes a short overview of current types and incidents of cyber-attacks, as well as the current state of threats, and the grade of awareness worldwide. Some methods to prevent cyber-attacks, malware analysis, and threat hunting, are presented, too. The paper also contains an application developed with a series of APIs that link the application to open-source tools and activate them, hence analyzing the content of the possible malicious files.

Irfan Ul Haq,Sergio Chica,Juan Caballero,Somesh Jha

DOI: https://doi.org/10.48550/arXiv.1710.05202

2017-10-15

Abstract:Malware lineage studies the evolutionary relationships among malware and has important applications for malware analysis. A persistent limitation of prior malware lineage approaches is to consider every input sample a separate malware version. This is problematic since a majority of malware are packed and the packing process produces many polymorphic variants (i.e., executables with different file hash) of the same malware version. Thus, many samples correspond to the same malware version and it is challenging to identify distinct malware versions from polymorphic variants. This problem does not manifest in prior malware lineage approaches because they work on synthetic malware, malware that are not packed, or packed malware for which unpackers are available. In this work, we propose a novel malware lineage approach that works on malware samples collected in the wild. Given a set of malware executables from the same family, for which no source code is available and which may be packed, our approach produces a lineage graph where nodes are versions of the family and edges describe the relationships between versions. To enable our malware lineage approach, we propose the first technique to identify the versions of a malware family and a scalable code indexing technique for determining shared functions between any pair of input samples. We have evaluated the accuracy of our approach on 13 open-source programs and have applied it to produce lineage graphs for 10 popular malware families. Our malware lineage graphs achieve on average a 26 times reduction from number of input samples to number of versions.

Cryptography and Security

Heena

DOI: https://doi.org/10.48550/arXiv.2104.01835

2021-04-05

Cryptography and Security

Abstract:Malware has become a widely used means in cyber attacks in recent decades because of various new obfuscation techniques used by malwares. In order to protect the systems, data and information, detection of malware is needed as early as possible. There are various studies on malware detection techniques that have been done but there is no method which can detect the malware completely and make malware detection problematic. Static Malware analysis is very effective for known malwares but it does not work for zero day malware which leads to the need of dynamic malware detection and the behaviour based malware detection is comparatively good among all detection techniques like signature based, deep learning based, mobile/IOT and cloud based detection but still it is not able to detect all zero day malware which shows the malware detection is very challenging task and need more techniques for malware detection. This paper describes a literature review of various methods of malware detection. A short description of each method is provided and discusses various studies already done in the advanced malware detection field and their comparison based on the detection method used, accuracy and other parameters. Apart from this we will discuss various malware detection tools, dataset and their sources which can be used in further study. This paper gives you the detailed knowledge of advanced malwares, its detection methods, how you can protect your devices and data from malware attacks and it gives the comparison of different studies on malware detection.

Zahid Akhtar

DOI: https://doi.org/10.48550/arXiv.2101.08429

2021-01-21

Cryptography and Security

Abstract:Malwares are continuously growing in sophistication and numbers. Over the last decade, remarkable progress has been achieved in anti-malware mechanisms. However, several pressing issues (e.g., unknown malware samples detection) still need to be addressed adequately. This article first presents a concise overview of malware along with anti-malware and then summarizes various research challenges. This is a theoretical and perspective article that is hoped to complement earlier articles and works.

Ivan Zelinka,Miloslav Szczypka,Jan Plucar,Nikolay Kuznetsov

2023-06-02

Abstract:To date, a large number of research papers have been written on the classification of malware, its identification, classification into different families and the distinction between malware and goodware. These works have been based on captured malware samples and have attempted to analyse malware and goodware using various techniques, including techniques from the field of artificial intelligence. For example, neural networks have played a significant role in these classification methods. Some of this work also deals with analysing malware using its visualisation. These works usually convert malware samples capturing the structure of malware into image structures, which are then the object of image processing. In this paper, we propose a very unconventional and novel approach to malware visualisation based on dynamic behaviour analysis, with the idea that the images, which are visually very interesting, are then used to classify malware concerning goodware. Our approach opens an extensive topic for future discussion and provides many new directions for research in malware analysis and classification, as discussed in conclusion. The results of the presented experiments are based on a database of 6 589 997 goodware, 827 853 potentially unwanted applications and 4 174 203 malware samples provided by ESET and selected experimental data (images, generating polynomial formulas and software generating images) are available on GitHub for interested readers. Thus, this paper is not a comprehensive compact study that reports the results obtained from comparative experiments but rather attempts to show a new direction in the field of visualisation with possible applications in malware analysis.

Cryptography and Security,Computer Vision and Pattern Recognition

Et al. Rajesh Yadav

DOI: https://doi.org/10.17762/ijritcc.v11i11s.9817

2023-11-30

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:The huge amounts of data and information that need to be analyzed for possible malicious intent are one ofthe big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads.In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by usingmachine learning techniques to identify and classify unknown malware into their established families. Thissurvey paper gives an overview of the malware detection and analysis techniques and tools.

Ashu Sharma,S.K. Sahay

DOI: https://doi.org/10.5120/15544-4098

2015-12-02

Abstract:Malwares are big threat to digital world and evolving with high complexity. It can penetrate networks, steal confidential information from computers, bring down servers and can cripple infrastructures etc. To combat the threat/attacks from the malwares, anti- malwares have been developed. The existing anti-malwares are mostly based on the assumption that the malware structure does not changes appreciably. But the recent advancement in second generation malwares can create variants and hence posed a challenge to anti-malwares developers. To combat the threat/attacks from the second generation malwares with low false alarm we present our survey on malwares and its detection techniques.

Cryptography and Security