
Identifying Authorship in Malicious Binaries: Features, Challenges & Datasets

Bibliographic Details
Published in: ACM Computing Surveys, August 2024, Vol. 56, No. 8, pp. 1-36, Article 212
Main Authors: Gray, Jason; Sgandurra, Daniele; Cavallaro, Lorenzo; Blasco Alis, Jorge
Format: Article
Language: English
Description
Summary: Attributing a piece of malware to its creator typically requires threat intelligence. Binary attribution raises the level of difficulty further, as it relies mostly on the ability to disassemble binaries in order to obtain authorship-related features. We perform a systematic analysis of works in the area of malware authorship attribution, identify key findings and shortcomings of current approaches, and explore the open research challenges. To mitigate the lack of ground-truth datasets in this domain, we publish alongside this survey the largest and most diverse meta-information dataset to date: 17,513 malware samples labeled with 275 threat actor groups.
ISSN: 0360-0300 (print), 1557-7341 (online)
DOI: 10.1145/3653973