Abstract
Organizations face an urgent need to bolster their cybersecurity defenses against the rising threat of ransomware. Implementing advanced antivirus and antimalware tools is crucial for proactive identification and mitigation of malicious software. However, adversaries constantly refine malware to evade detection, increasing the complexity of the threat. Hence, developing an effective strategy is nontrivial. To address this challenge, this study conducts various analyses on scan results of publicly shared malware samples. Utilizing metadata from 635K samples sourced from MalwareBazaar and scan results from VirusTotal, we assign family labels using AVClass. Additionally, we examine a 90-day longitudinal dataset alongside the main dataset. Our findings demonstrate that while over 60% of scanner engines detect 67% of samples, certain malware families consistently exhibit lower detection rates. Detection capability improves over time, particularly within the initial 30 days, but remains inadequate for specific families. Furthermore, we observe that some scanner engines demonstrate nearly flawless detection capability across all malware families, while the majority struggle with efficiently detecting certain types. Moreover, we performed Monte Carlo simulations and revealed that employing multiple scanner engines substantially enhances detection capability, with 3 to 7 scanners being optimal. Finally, simulation analysis in a case study highlights the significant impact of hard-to-detect malware on risk and performance, underscoring the importance of effective malware defense strategies.
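The multi-scanner Monte Carlo analysis the abstract describes, as an added example that is not the paper's code: it draws a constructed detection matrix from hypothetical per-engine, per-family detection rates, estimates the mean coverage of random k-engine subsets for each k, and reports per-family coverage of the full union so the hard-to-detect family remains visible. Engine and family names are placeholders, not entries from MalwareBazaar, VirusTotal or AVClass.

```python
"""Monte Carlo estimate of detection coverage from combining scanner engines.

Added illustration of the kind of simulation the abstract describes. The
detection rates below are constructed, not MalwareBazaar/VirusTotal data, and
the engine and family names are hypothetical placeholders.
"""
import random

FAMILIES = ("fam_a", "fam_b", "fam_c")  # fam_c plays the hard-to-detect family

# Constructed per-family detection probability for six hypothetical engines.
ENGINE_FAMILY_RATES = {
    "engine_1": {"fam_a": 0.99, "fam_b": 0.90, "fam_c": 0.20},
    "engine_2": {"fam_a": 0.98, "fam_b": 0.85, "fam_c": 0.15},
    "engine_3": {"fam_a": 0.97, "fam_b": 0.60, "fam_c": 0.10},
    "engine_4": {"fam_a": 0.95, "fam_b": 0.70, "fam_c": 0.05},
    "engine_5": {"fam_a": 0.99, "fam_b": 0.95, "fam_c": 0.60},
    "engine_6": {"fam_a": 0.90, "fam_b": 0.50, "fam_c": 0.02},
}

def build_detection_matrix(samples_per_family=500, seed=1):
    """Return (family label per sample, {engine: [detected? per sample]})."""
    rng = random.Random(seed)
    labels = [fam for fam in FAMILIES for _ in range(samples_per_family)]
    matrix = {eng: [rng.random() < rates[fam] for fam in labels]
              for eng, rates in ENGINE_FAMILY_RATES.items()}
    return labels, matrix

def coverage(matrix, engines, labels=None, family=None):
    """Fraction of samples (optionally one family) flagged by >= 1 engine."""
    n = len(next(iter(matrix.values())))
    idx = [i for i in range(n) if family is None or labels[i] == family]
    return sum(any(matrix[e][i] for e in engines) for i in idx) / len(idx)

def simulate_scanner_sets(matrix, trials=200, seed=2):
    """Mean coverage of random k-engine subsets for every k (the Monte Carlo step)."""
    rng = random.Random(seed)
    engines = sorted(matrix)
    return {k: sum(coverage(matrix, rng.sample(engines, k)) for _ in range(trials)) / trials
            for k in range(1, len(engines) + 1)}

if __name__ == "__main__":
    labels, matrix = build_detection_matrix()
    for k, cov in simulate_scanner_sets(matrix).items():
        print(f"{k} engine(s): mean coverage {cov:.3f}")  # diminishing returns with k
    for fam in FAMILIES:  # union of all engines still leaves fam_c poorly covered
        print(fam, f"{coverage(matrix, sorted(matrix), labels, fam):.3f}")
```

Swapping in a real per-sample detection matrix (one boolean per engine per sample) is the only change needed to reproduce the subset-size analysis on actual scan results.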
Original language | English |
---|---|
Publication status | Published - 8 Jul 2024 |
Event | 9th International Workshop on Traffic Measurements for Cybersecurity, WTMC 2024, University of Vienna, Vienna, Austria; Duration: 8 Jul 2024 → 8 Jul 2024; Conference number: 9; https://wtmc.info/index.html |

Workshop

Workshop | 9th International Workshop on Traffic Measurements for Cybersecurity, WTMC 2024 |
---|---|
Abbreviated title | WTMC 2024 |
Country/Territory | Austria |
City | Vienna |
Period | 8/07/24 → 8/07/24 |
Other | co-located with 9th IEEE European Symposium on Security and Privacy |
Internet address | https://wtmc.info/index.html |
Keywords
- VirusTotal
- malware detection
- defense strategy
- decision-making
- security investment