Exploring Timeline-Based Malware Classification

Over the past decade or so, Anti-Malware (AM) communities have faced a substantial increase in malware activity, including the development of ever more sophisticated methods of evading detection. Researchers have argued that an AM strategy which is successful in a given time period cannot work at a much later date because of changes in malware design. Despite this argument, in this paper we demonstrate a malware detection approach that retains high accuracy over an extended time period. To the best of our knowledge, this work is the first to examine malware executables collected over a span of 10 years. By combining both static and dynamic features of malware and cleanware, and accumulating these features over intervals within the 10-year period of our test, we construct a high-accuracy malware detection method whose accuracy remains almost steady over the period. While the trend is slightly downward, our results strongly support the hypothesis that it may be possible to develop a malware detection strategy that works well enough into the future.
