
Review of the Malware Categorization in the Era of Changing Cybethreats Landscape: Common Approaches, Challenges and Future Needs

Chapter in: Malware Analysis Using Artificial Intelligence and Deep Learning

Abstract

Malicious software threats have been known to information security professionals for several decades, since the dawn of computing. Developers of such software have kept pace with technology, exploiting known and unknown vulnerabilities to achieve successful infection. With the growing number of devices connected to the Internet, it has become apparent that the categorization of millions of malware samples is an emerging challenge. Malware labelling has become a significant challenge in light of the large number of malware samples appearing daily. Many researchers and anti-virus vendors have developed their own naming methods, which do not contribute to efficient incident response and remediation of malware infections on a global scale. In this paper, we first provide a view of the modern approaches to malware categorization with respect to the needs of malware detection and analysis, focusing specifically on general modus operandi and automated analysis. Then, we review state-of-the-art technical reports from antivirus vendors on the existing labelling initiatives and their usage. Finally, we give practical insight into the future needs and current challenges of naming schemes using ground-truth knowledge. This review aims at bridging the knowledge gap between the existing labelling approaches, threats and malware functionality, and the problems related to large-scale malware classification.
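To make the labelling problem the abstract describes concrete, the following is an added Python example (not code from the chapter, and not any vendor's or AVClass's implementation). It parses constructed detection labels written in the syntactic styles that public vendor naming guides describe (Type:Platform/Family.Variant, Type.Platform.Family.Variant, Type/Family-Variant, Platform.Family.Variant, and a purely generic label), normalises them into type/platform/family/variant fields, and takes a plurality vote on the family while discarding generic labels. The alias tables, the `vendor_*` keys and the sample labels are assumptions made for illustration.

```python
"""Normalise constructed antivirus detection labels into one
type/platform/family/variant structure and vote on the family.

Added illustration of the labelling problem; not code from the chapter
or from any vendor. Label syntaxes are constructed in the style of the
CARO-like schemes vendors document publicly."""
import re
from collections import Counter

# Constructed labels for ONE hypothetical sample, as five hypothetical
# vendors might report it. Keys are placeholders, not real scanner names.
SAMPLE_LABELS = {
    "vendor_a": "TrojanDownloader:Win32/Zlob.ABC",   # Type:Platform/Family.Variant
    "vendor_b": "Trojan-Downloader.Win32.Zlob.xyz",  # Type.Platform.Family.Variant
    "vendor_c": "Troj/Zlob-A",                       # Type/Family-Variant
    "vendor_d": "W32.Zlob.Gen",                      # Platform.Family.Variant
    "vendor_e": "Generic.Malware.SDF",               # generic detection, no family
}

# Normalisation tables (assumed alias sets; extend them per vendor guide).
TYPE_TOKENS = {
    "trojan": "Trojan", "troj": "Trojan", "trojandownloader": "TrojanDownloader",
    "trojan-downloader": "TrojanDownloader", "worm": "Worm",
    "backdoor": "Backdoor", "virus": "Virus", "ransom": "Ransomware",
    "pua": "PUA", "adware": "Adware",
}
PLATFORM_TOKENS = {
    "win32": "Win32", "w32": "Win32", "win64": "Win64", "msil": "MSIL",
    "android": "Android", "linux": "Linux", "osx": "OSX",
}
# Tokens that carry no family information and must not be voted on.
GENERIC_TOKENS = {"generic", "malware", "gen", "heur", "heuristic", "agent", "suspicious"}


def parse_label(label: str) -> dict:
    """Split one vendor label into normalised type/platform/family/variant."""
    fields = {"type": None, "platform": None, "family": None, "variant": None}
    # Drop vendor modifiers after '!' (e.g. '!ml'), then split on the
    # separators the common schemes use. Hyphens are kept for now because
    # they mean different things in 'Trojan-Downloader' and 'Zlob-A'.
    base = label.split("!", 1)[0]
    tokens = [t for t in re.split(r"[:/.]", base) if t]
    leftovers = []
    for tok in tokens:
        key = tok.lower()
        if key in TYPE_TOKENS and fields["type"] is None:
            fields["type"] = TYPE_TOKENS[key]
        elif key in PLATFORM_TOKENS and fields["platform"] is None:
            fields["platform"] = PLATFORM_TOKENS[key]
        else:
            leftovers.extend(tok.split("-"))
    # What remains is family [+ variant]: the last token is the variant when
    # more than one is left, and the family is the first non-generic token
    # before it. A purely generic label therefore yields family None.
    if len(leftovers) > 1:
        fields["variant"] = leftovers[-1]
        candidates = leftovers[:-1]
    else:
        candidates = leftovers
    for tok in candidates:
        if tok.lower() not in GENERIC_TOKENS:
            fields["family"] = tok.lower()
            break
    return fields


def consensus_family(labels: dict) -> tuple:
    """Plurality vote over non-generic family names.

    Returns (family, agreeing_vendors, total_vendors); family is None when
    no vendor names a family or when the top two families tie."""
    votes = Counter()
    for raw in labels.values():
        fam = parse_label(raw)["family"]
        if fam:
            votes[fam] += 1
    if not votes:
        return None, 0, len(labels)
    ranked = votes.most_common(2)
    family, count = ranked[0]
    if len(ranked) == 2 and ranked[1][1] == count:
        return None, count, len(labels)
    return family, count, len(labels)


def label_summary(labels: dict) -> dict:
    """Consensus family plus the distinct type names the vendors used, which
    shows how far the type taxonomies diverge even when the family agrees."""
    family, agree, total = consensus_family(labels)
    types_seen = sorted({parse_label(r)["type"] for r in labels.values()} - {None})
    return {"family": family, "agreeing": agree, "total": total, "types_seen": types_seen}


if __name__ == "__main__":
    for vendor, raw in SAMPLE_LABELS.items():
        print(f"{vendor:9} {raw:35} -> {parse_label(raw)}")
    print(label_summary(SAMPLE_LABELS))
```

On the constructed sample, four of five labels agree on the family once the separators and aliases are normalised, while the type field is split between "Trojan" and "TrojanDownloader" and one vendor supplies only a generic verdict. That is the practical cost of vendor-specific naming for incident response: the family consensus has to be reconstructed, the generic labels discarded, and the type taxonomy reconciled before samples can be grouped at scale.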


Notes

  1. Message-Digest algorithm for 128-bit hash sum.

  2. https://maecproject.github.io/documentation/overview/.


Author information

Correspondence to Andrii Shalaginov.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Shalaginov, A., Dyrkolbotn, G.O., Alazab, M. (2021). Review of the Malware Categorization in the Era of Changing Cybethreats Landscape: Common Approaches, Challenges and Future Needs. In: Stamp, M., Alazab, M., Shalaginov, A. (eds) Malware Analysis Using Artificial Intelligence and Deep Learning. Springer, Cham. https://doi.org/10.1007/978-3-030-62582-5_3

  • DOI: https://doi.org/10.1007/978-3-030-62582-5_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62581-8

  • Online ISBN: 978-3-030-62582-5
