The Curious Case of Machine Learning In Malware Detection
Sherif Saad, William Briguglio, Haytham Elmiligi

TL;DR
This paper critically evaluates the limitations of current machine learning methods in real-world malware detection, emphasizing the need for dynamic analysis and outlining future research directions.
Contribution
It provides a comprehensive review of machine learning in malware detection, identifies key challenges in wild environments, and proposes directions for developing next-generation solutions.
Findings
Current ML techniques struggle with malware in real-world scenarios
Dynamic malware analysis is likely the future of detection
Identifies three critical challenges for ML-based malware detection
Abstract
In this paper, we argue that machine learning techniques are not ready for malware detection in the wild. Given the current trend in malware development and the increase of unconventional malware attacks, we expect that dynamic malware analysis is the future for antimalware detection and prevention systems. A comprehensive review of machine learning for malware detection is presented. Then, we discuss how malware detection in the wild presents unique challenges for the current state-of-the-art machine learning techniques. We define three critical problems that limit the success of malware detectors powered by machine learning in the wild. Next, we discuss possible solutions to these challenges and present the requirements of next-generation malware detection. Finally, we outline potential research directions in machine learning for malware detection.
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications
