Abstract
Malicious software has been a known threat to information security professionals for several decades, since the dawn of computing. Its developers have kept pace with technology, exploiting known and unknown vulnerabilities to achieve successful infection. With the growing number of devices connected to the Internet, categorizing millions of malware samples has become an emerging challenge, and malware labelling in particular has become a significant problem given the large number of samples appearing daily. Many researchers and anti-virus vendors have developed their own naming methods, which do not contribute to efficient incident response and remediation of malware infections on a global scale. In this paper we first provide a view of modern approaches to malware categorization with respect to the needs of malware detection and analysis, focusing specifically on general modus operandi and automated analysis. We then review state-of-the-art technical reports from anti-virus vendors on existing labelling initiatives and their use. Finally, we give practical insight into the future needs and current challenges of naming schemes, using ground-truth knowledge. This review aims to bridge the knowledge gap between existing labelling approaches, threats and malware functionality, and the problems of large-scale malware classification.
Notes
1. Message-Digest algorithm for 128-bit hash sum.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this chapter
Shalaginov, A., Dyrkolbotn, G.O., Alazab, M. (2021). Review of the Malware Categorization in the Era of Changing Cybethreats Landscape: Common Approaches, Challenges and Future Needs. In: Stamp, M., Alazab, M., Shalaginov, A. (eds) Malware Analysis Using Artificial Intelligence and Deep Learning. Springer, Cham. https://doi.org/10.1007/978-3-030-62582-5_3
DOI: https://doi.org/10.1007/978-3-030-62582-5_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62581-8
Online ISBN: 978-3-030-62582-5
eBook Packages: Computer Science (R0)