A survey of malware behavior description and analysis

作     者：Bo YU Ying FANG Qiang YANG Yong TANG Liu LIU 

作者机构：College of Computer National University of Defense Technology 

出 版 物：《Frontiers of Information Technology & Electronic Engineering》 (信息与电子工程前沿（英文版）)

年 卷 期：2018年第19卷第5期

页      面：583-603页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Project supported by the National Natural Science Foundation of China(No.61472437) 

主　　题：Malware behavior Static analysis Dynamic Analysis Behavior data expression Behavior analysis Machinelearning Semantics-based analysis Behavior visualization Malware evolution 

摘      要：Behavior-based malware analysis is an important technique for automatically analyzing and detecting malware, and it has received considerable attention from both academic and industrial communities. By considering how malware behaves, we can tackle the malware obfuscation problem, which cannot be processed by traditional static analysis approaches, and we can also derive the as-built behavior specifications and cover the entire behavior space of the malware samples. Although there have been several works focusing on malware behavior analysis, such research is far from mature, and no overviews have been put forward to date to investigate current developments and challenges. In this paper, we conduct a survey on malware behavior description and analysis considering three aspects： malware behavior description, behavior analysis methods, and visualization techniques. First, existing behavior data types and emerging techniques for malware behavior description are explored, especially the goals, prin- ciples, characteristics, and classifications of behavior analysis techniques proposed in the existing approaches. Second, the in- adequacies and challenges in malware behavior analysis are summarized from different perspectives. Finally, several possible directions are discussed for future research.