A Survey of Malware Analysis Using Community Detection Algorithms

In recent years, we have witnessed an overwhelming and fast proliferation of different types of malware targeting organizations and individuals, which considerably increased the time required to detect malware. The malware developers make this issue worse by spreading many variants of the same malwa...

Full description

Saved in:
Bibliographic Details
Published inACM computing surveys Vol. 56; no. 2; pp. 1 - 29
Main Authors Amira, Abdelouahab, Derhab, Abdelouahid, Karbab, Elmouatez Billah, Nouali, Omar
Format Journal Article
LanguageEnglish
Published New York, NY ACM 29.02.2024
Association for Computing Machinery
Subjects
Algorithms
Computer science
Graph theory
Malware
Malware and its mitigation
Security and privacy
State-of-the-art reviews
Target detection
Taxonomy
Malware analysis
community detection
cyber-threat infrastructure
feature selection
Online AccessGet full text
ISSN0360-0300
1557-7341
DOI10.1145/3610223

Cover

More Information
Summary:In recent years, we have witnessed an overwhelming and fast proliferation of different types of malware targeting organizations and individuals, which considerably increased the time required to detect malware. The malware developers make this issue worse by spreading many variants of the same malware [13]. To deal with this issue, graph theory techniques, and particularly community detection algorithms, can be leveraged to achieve bulk detection of malware families and variants to identify malicious communities instead of focusing on the detection of an individual instance of malware, which could significantly reduce the detection time. In this article, we review the state-of-the-art malware analysis solutions that employ community detection algorithms and provide a taxonomy that classifies the solutions with respect to five facets: analysis task, community detection approach, target platform, analysis type, and source of features. We present the solutions with respect to the analysis task, which covers malware detection, malware classification, cyber-threat infrastructure detection, and feature selection. The findings of this survey indicate that there is still room for contributions to further improve the state of the art and address research gaps. Finally, we discuss the advantages and the limitations of the solutions, identify open issues, and provide future research directions.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0360-0300
1557-7341
DOI:10.1145/3610223