University of Southampton Institutional Repository

Survey of machine learning techniques for malware analysis


Ucci, Daniele, Aniello, Leonardo and Baldoni, Roberto (2019) Survey of machine learning techniques for malware analysis. Computers and Security, 81, 123-147. (doi:10.1016/j.cose.2018.11.001).

Record type: Article

Abstract

Coping with malware is getting more and more challenging, given its relentless growth in complexity and volume. One of the most common approaches in the literature is to use machine learning techniques to automatically learn the models and patterns behind such complexity, and to develop technologies that keep pace with malware evolution. This survey aims at providing an overview of the way machine learning has been used so far in the context of malware analysis in Windows environments, i.e. for the analysis of Portable Executables. We systematize the surveyed papers according to their objectives (i.e., the expected output), what information about malware they specifically use (i.e., the features), and what machine learning techniques they employ (i.e., what algorithm is used to process the input and produce the output). We also outline a number of issues and challenges, including those concerning the datasets used, and identify the main current topical trends and how to possibly advance them. In particular, we introduce the novel concept of malware analysis economics, regarding the study of existing trade-offs among key metrics, such as analysis accuracy and economic costs.
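As an added illustration of the "features" axis the abstract describes (example code written for this record page, not code from the survey or its authors), the block below parses a Portable Executable header and derives a small static feature vector of the kind a PE classifier consumes: section count, whether the entry point lies in a writable-and-executable section, maximum section entropy, nonstandard section names, sections with no raw data, and a zero timestamp. The choice of features is illustrative rather than the survey's list; the two PE images it analyses are constructed inline by `build_pe` and are not real binaries or malware; all function and constant names are this example's own.

```python
import math
import struct
from collections import Counter

# Section characteristic flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names a stock linker emits; anything else counts as "nonstandard" (illustrative set)
STANDARD_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                          ".rsrc", ".reloc", ".pdata", ".tls", ".CRT"}


def _align(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def shannon_entropy(data):
    """Bits per byte in [0, 8]; packed or encrypted sections sit close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob):
    """Minimal parser: DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]  # AddressOfEntryPoint, same offset in PE32/PE32+
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, off)
        chars = struct.unpack_from("<I", blob, off + 36)[0]  # Characteristics is the last field
        data = blob[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "raw_size": raw_size,
                         "chars": chars, "entropy": shannon_entropy(data)})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva, "sections": sections}


def extract_features(blob):
    """Static header features; each one is a common packer/tampering signal."""
    pe = parse_pe(blob)
    secs = pe["sections"]
    entry = next((s for s in secs
                  if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], s["raw_size"])), None)
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return {
        "num_sections": len(secs),
        "entry_section": entry["name"] if entry else None,
        "entry_in_wx_section": bool(entry is not None and (entry["chars"] & wx) == wx),
        "max_section_entropy": max((s["entropy"] for s in secs), default=0.0),
        "nonstandard_section_names": sum(s["name"] not in STANDARD_SECTION_NAMES for s in secs),
        "zero_raw_sections": sum(s["raw_size"] == 0 and s["vsize"] > 0 for s in secs),
        "timestamp_zero": pe["timestamp"] == 0,
    }


def feature_vector(features):
    """Fixed-order numeric vector, the shape a classifier (e.g. a random forest) expects."""
    return [float(features["num_sections"]), float(features["entry_in_wx_section"]),
            features["max_section_entropy"], float(features["nonstandard_section_names"]),
            float(features["zero_raw_sections"]), float(features["timestamp_zero"])]


def build_pe(sections, entry_section, timestamp=0x5BE9C2C0):
    """Constructed test input: a minimal PE32 image from (name, data, chars, vsize) tuples.
    Enough headers for parse_pe; not a loadable executable."""
    e_lfanew, opt_size, file_align, sec_align = 0x40, 0xE0, 0x200, 0x1000
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr, va, table, body, entry_rva = _align(headers_end, file_align), sec_align, b"", b"", 0
    for i, (name, data, chars, vsize) in enumerate(sections):
        vsize = max(vsize, len(data))
        if i == entry_section:
            entry_rva = va
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va,
                             len(data), raw_ptr if data else 0, 0, 0, 0, 0, chars)
        body += data.ljust(_align(len(data), file_align), b"\0")
        raw_ptr += _align(len(data), file_align)
        va += _align(vsize, sec_align)
    struct.pack_into("<I", opt, 16, entry_rva)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + table
    return headers.ljust(_align(len(headers), file_align), b"\0") + body


RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
RW = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE

# Constructed samples: a plain compiled layout versus a UPX-style packed layout (empty
# unpacking section, high-entropy payload section, entry point inside the RWX payload)
PLAIN_PE = build_pe([(".text", b"\x55\x8b\xec" + b"\x90" * 100 + b"\xc3", RX, 0),
                     (".data", b"hello\0" * 20, RW, 0)], entry_section=0)
PACKED_PE = build_pe([("UPX0", b"", IMAGE_SCN_CNT_UNINITIALIZED_DATA | RWX, 0x8000),
                      ("UPX1", bytes(range(256)) * 4, IMAGE_SCN_CNT_INITIALIZED_DATA | RWX, 0)],
                     entry_section=1)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_PE), ("packed", PACKED_PE)):
        feats = extract_features(blob)
        print(label, feats, feature_vector(feats))
```

The point of the example is the pipeline shape the abstract refers to: raw bytes in, a parser that exposes header fields, a handful of derived features with a known interpretation, and a fixed-order vector out. Real systems add import tables, byte n-grams and dynamic traces, and the survey's "economics" framing is about the cost of producing such features (static parsing is cheap, sandbox traces are not) against the accuracy they buy.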

Text: main - Accepted Manuscript (576kB)

More information

Accepted/In Press date: 9 November 2018
e-pub ahead of print date: 24 November 2018
Published date: March 2019

Identifiers

Local EPrints ID: 426403
URI: http://eprints.soton.ac.uk/id/eprint/426403
ISSN: 0167-4048
PURE UUID: 941d9a00-e662-4656-aa50-1e24170d4032
ORCID for Leonardo Aniello: orcid.org/0000-0003-2886-8445

Catalogue record

Date deposited: 27 Nov 2018 17:30
Last modified: 16 Mar 2024 07:20


Contributors

Author: Daniele Ucci
Author: Leonardo Aniello
Author: Roberto Baldoni

