Challenges and pitfalls in malware research

Botacin, Marcus; Ceschin, Fabrício; Sun, Ruimin; Oliveira, Daniela; Grégio, André

doi:10.1016/j.cose.2021.102287

Cited by 33 publications

(14 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, I conducted a critical literature review to identify common challenges and pitfalls in malware research. The findings were published in a paper [Botacin et al 2021b] which constitutes the core of all criticism 1 0 0 0 0 1 1 6 2 3 7 8 10 12 9 7 9 13 6 95 CCS 0 0 0 0 0 0 0 2 4 6 6 7 11 9 11 14 2 11 6 89 ACSAC 0 0 0 0 2 3 2 4 4 1 3 8 10 7 10 6 3 7 8 78 IEEE S&P 0 1 0 0 0 1 3 2 1 0 0 10 17 12 3 6 4 5 3 68 DIMVA 0 0 0 0 0 4 4 3 8 2 3 0 8 4 8 7 7 5 4 67 NDSS 0 0 0 0 1 0 2 0 3 3 3 3 2 4 5 4 9 7 3 49 RAID 0 0 1 0 0 1 3 0 0 0 0 0 3 5 5 3 4 3 3 31 ESORICS 0 0 0 0 0 1 0 0 2 1 presented in this thesis. Among all findings, I highlight: (i) the scarce number of longitudinal malware analysis studies in the literature, which motivates my investigation about the Brazilian scenario; and (ii) the uncertainty about the application of AV results in fair comparisons, which motivates my investigation on the development of new AV evaluation metrics.…”

Section: Academic Publicationsmentioning

confidence: 95%

On the Malware Detection Problem: Challenges & Novel Approaches

Botacin¹,

Geus²,

Grégio³

2022

Anais Estendidos Do XXII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg Estendido 2022)

Self Cite

View full text Add to dashboard Cite

Many solutions to detect malware have been proposed over time, but effective and efficient malware detection still remains an open problem. In this work, I take a look at some malware detection challenges and pitfalls to contribute towards increasing system’s malware detection capabilities. I propose a new approach to tackle malware research in a practical but still scientific manner and leverage this approach to investigate four issues: (i) the need for understanding context to allow proper detection of localized threats; (ii) the need for developing better metrics for AntiVirus (AV) evaluation; (iii) the feasibility of leveraging hardware-software collaboration for efficient AV implementation, and (iv) the need for predicting future threats to allow faster incident responses.

show abstract

Section: Academic Publicationsmentioning

confidence: 95%

On the Malware Detection Problem: Challenges & Novel Approaches

Botacin¹,

Geus²,

Grégio³

2022

Anais Estendidos Do XXII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg Estendido 2022)

Self Cite

View full text Add to dashboard Cite

show abstract

“…To thoroughly and correctly assess the detection capabilities of EKnad, we considered state-of-the-art methodologies and guidelines for evaluating ML algorithms in the computer security domain [49]. More specifically, there is a significant body of works (e.g., [50], [51], [52]) that have identified pitfalls in the evaluation procedure of ML algorithms when they are applied to detect malware, spam and network attacks. We have identified that the same erroneous evaluation methodologies have been also carried out in previous works related to EK detection, undermining the trustworthiness of their obtained experimental results.…”

Section: Methodsmentioning

confidence: 99%

EKnad: Exploit Kits’ network activity detection

Bountakas

Ntantogian

Xenakis

2022

Future Generation Computer Systems

View full text Add to dashboard Cite

“…This method is highly effective in evaluating the proposed methods; however, the lack of a commonly adopted dataset prevents comparing the evaluation metrics of the proposed methods. Botacin et al presented challenges and pitfalls in the malware research area and highlight the usage of nonpublicly available datasets limits reproducibility and prevents comparison of evaluation metrics [18]. The comparison of IoT Malware datasets is given in Table II.…”

Section: B Iot Malware Datasetsmentioning

confidence: 99%

Malware Threat on Edge/Fog Computing Environments From Internet of Things Devices Perspective

Gulatas

Kilinc²,

Zaim

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Developing a secured information processing environment highly depends on securing all of the layers and devices in the environment. Edge/Fog computing environments are not an exception in this case, and the security of those environments highly depends on securing the Internet of Things (IoT) devices which are the most vulnerable devices through the environment. The adoption of Edge/Fog computing paradigms by new emerging technologies stimulated malware development for IoT platforms. Recent attacks initiated by IoT malware show that these attacks make a tremendous impact on compromised systems in terms of Quality of Service because of the number of infected IoT devices. In the light of these developments, there is an enormous need for efficient solutions. However, defense capability against these new malware types is highly constrained by the limited understanding of these new emerging paradigms and the lack of access to malware samples. This paper mainly focuses on IoT malware to understand the behaviors of malware on the most vulnerable layer of the Edge/Fog computing environments. Mainly, 64 IoT malware families are located from 2008 when the first known IoT malware emerged to October 2022. These malware families are systematically characterized from various aspects, including target architecture, target device, delivery methods, attack vectors, persistence techniques, and their evolution from existing malware. During this characterization process, two different investigation frameworks, "Cyber Kill Chain" and "Mitre ATT&CK for ICS," have been adopted in different investigation layers. This paper aims to bring light to future researches with presented features of the IoT malware.

show abstract

Challenges and pitfalls in malware research

Cited by 33 publications

References 33 publications

On the Malware Detection Problem: Challenges & Novel Approaches

On the Malware Detection Problem: Challenges & Novel Approaches

EKnad: Exploit Kits’ network activity detection

Malware Threat on Edge/Fog Computing Environments From Internet of Things Devices Perspective

Contact Info

Product

Resources

About