Survey of Machine Learning Techniques for Malware Analysis
Daniele Ucci, Leonardo Aniello, Roberto Baldoni

TL;DR
This survey reviews how machine learning techniques are applied to malware analysis in Windows environments, highlights current trends and challenges, and introduces the concept of malware analysis economics.
Contribution
It systematically categorizes existing research based on objectives, features, and algorithms, and introduces the novel concept of malware analysis economics.
Findings
Identifies key machine learning algorithms used in malware analysis.
Highlights challenges related to datasets and evaluation metrics.
Proposes the concept of malware analysis economics for trade-off analysis.
Abstract
Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the most common approaches in literature is using machine learning techniques, to automatically learn models and patterns behind such complexity, and to develop technologies to keep pace with malware evolution. This survey aims at providing an overview on the way machine learning has been used so far in the context of malware analysis in Windows environments, i.e. for the analysis of Portable Executables. We systematize surveyed papers according to their objectives (i.e., the expected output), what information about malware they specifically use (i.e., the features), and what machine learning techniques they employ (i.e., what algorithm is used to process the input and produce the output). We also outline a number of issues and challenges, including those concerning…
