Over the decades or so, Anti-Malware (AM) communities have been faced with a substantial increase in malware activity, including the development of ever-more-sophisticated methods of evading detection. Researchers have argued that an AM strategy which is successful in a given time period cannot work at a much later date due to the changes in malware design. Despite this argument, in this paper, we convincingly demonstrate a malware detection approach, which retains high accuracy over an extended time period. To the best of our knowledge, this work is the first to examine malware executables collected over a span of 10 years. By combining both static and dynamic features of malware and cleanware, and accumulating these features over intervals in the 10-year period in our test, we construct a high accuracy malware detection method which retains almost steady accuracy over the period. While the trend is a slight down, our results strongly support the hypothesis that perhaps it is possible to develop a malware detection strategy that can work well enough into the future.
|Title of host publication||Security and privacy protection in information processing systems |
|Subtitle of host publication||28th IFIP TC 11 International Conference, SEC 2013, Auckland, New Zealand, July 8-10, 2013. Proceedings |
|Editors||Lech J Janczewski, Henry B Wolfe, Sujeet Shenoi|
|Place of Publication||Germany|
|Number of pages||13|
|Publication status||Published - 2013|
|Name||IFIP advances in information and communication technology|