Digital Transformation and Cybersecurity Challenges: A Study of Malware Detection Using Machine Learning Techniques

Fatimah Al Obaidan, Saqib Saeed
DOI: 10.4018/978-1-7998-6975-7.ch011

Abstract

Digital transformation has revolutionized human life, but it has also brought many cybersecurity challenges for users and enterprises. The major threats to computers and communication systems, which damage devices and steal sensitive information, are malicious attacks. Traditional anti-virus software fails to detect advanced kinds of malware. Current research focuses on developing machine learning techniques for malware detection that respond in a timely manner. Many systems have evolved and improved to distinguish malware based on behavior analysis. Behavior analysis is considered a robust technique to detect, analyze, and classify malware, and it is categorized into two models: static and dynamic analysis. Both types of analysis have advantages and limitations. Therefore, the hybrid method combines the strengths of static and dynamic analyses. This chapter conducts a systematic literature review (SLR) to summarize and analyze the quality of published studies, ranging from 2016 to 2021, on malware detection using machine learning techniques and hybrid analysis.

Introduction

Digital technologies have been widely used in the operations of business (Saeed, 2019), government (Saeed & Reddick, 2013) and the nonprofit sector (Saeed & Rohde, 2013; Saeed & Shabbir, 2014). Such technology adoption has resulted in better productivity, cost effectiveness and enhanced customer satisfaction (Saeed et al., 2017). However, it has increased the probability of cybersecurity attacks on the technological infrastructures of organizations. Such malicious attacks are carried out by software applications written by attackers with the harmful purpose of obstructing the device's operations. The term malware was coined to name any computer program that has a malicious intention (Santos et al., 2009). Cohen et al. (1988) defined malware as malicious code, written by attackers, that harms application programs and systems. The strength of these malicious programs lies in evading all kinds of security restrictions (Harshalatha & Mohanasundaram, 2020).

According to the research, it is becoming more challenging to identify malware because most malware programs have several polymorphic layers to evade detection (Kumar & Ramamoorthy, 2017). Moreover, according to the studies, 80% of damaged systems were due to malware, whereas the remaining 20% of system failures were due to other factors. In general, malware results in the theft and modification of user information, the collection of sensitive user data for illegal use by attackers, and other severe consequences (Pan et al., 2020). Malware takes various forms, including worms, computer bugs, viruses, and other programs that are growing massively on the internet every day. Malware is rising and growing explosively every day in both variety and power, and it poses an enormous threat to the security of sensitive information. Research studies have shown that manually examining and inspecting malware is inefficient and ineffective against malware's high spreading rate (Umamaheswaran et al., 2019).

Standard anti-virus software fails to detect new malware programs and to classify them into the correct groups. Traditionally, anti-virus systems relied on two techniques for malware detection: signature-based and heuristic-based. The signature-based algorithm identifies malware by its unique hash. The heuristic method, by contrast, comprises rules defined by specialists that monitor and analyze malware behavior. Despite the success of these methods, they fail to detect unknown malware variants. Therefore, security analysts have proposed behavior-based malware analysis. The primary purpose of this malware analysis is to provide information regarding the malware's properties, strength, and behavior in the given software. Malware behavior analysis is categorized into two types: static and dynamic analysis. Static analysis extracts the malware's features from the source code or binary code and examines them without running the code. In contrast, dynamic analysis examines the malware executable by running it and observing its behavior. Each category of analysis has its own advantages and limitations.
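As an added illustration that is not part of the chapter, the following Python contrasts the two detection approaches described above: hash-based signature matching, which a polymorphic variant defeats, and static feature extraction feeding a learned classifier, which is unaffected by byte-level changes that leave the imported API names intact. The samples, API list and the minimal perceptron are constructed stand-ins, not real malware or a production model.

```python
import hashlib
import re

# Feature vocabulary: import names a static analyser would look for (constructed list).
API_FEATURES = ["CreateRemoteThread", "WriteProcessMemory", "URLDownloadToFileA",
                "ShellExecuteA", "VirtualAllocEx", "CreateFileW", "ReadFile",
                "WriteFile", "MessageBoxW"]

def build_sample(api_names, padding=b"\x00"):
    """Constructed stand-in for an executable: MZ header, padding, import strings."""
    return b"MZ" + padding * 16 + b"".join(n.encode() + b"\x00" for n in api_names)

DROPPER_APIS = ["CreateRemoteThread", "WriteProcessMemory", "URLDownloadToFileA", "ShellExecuteA"]
DROPPER = build_sample(DROPPER_APIS)
# Polymorphic variant: identical behaviour, one padding byte changed, so its hash differs.
DROPPER_VARIANT = build_sample(DROPPER_APIS, padding=b"\x01")
EDITOR = build_sample(["CreateFileW", "ReadFile", "WriteFile", "MessageBoxW"])  # benign

def signature_detect(blob, signatures):
    """Signature-based detection: flags a sample only on an exact hash match."""
    return hashlib.sha256(blob).hexdigest() in signatures

def static_features(blob, min_len=6):
    """Static analysis: pull printable strings without executing the sample and
    encode presence/absence of each API name as a 0/1 feature vector."""
    found = {s.decode() for s in re.findall(rb"[ -~]{%d,}" % min_len, blob)}
    return [1 if api in found else 0 for api in API_FEATURES]

def train_perceptron(rows, epochs=20):
    """Minimal linear classifier standing in for the chapter's ML models."""
    w, b = [0.0] * len(API_FEATURES), 0.0
    for _ in range(epochs):
        for x, y in rows:
            err = y - (1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0)
            w = [wi + err * xi for wi, xi in zip(w, x)]
            b += err
    return w, b

def ml_detect(blob, model):
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, static_features(blob))) + b > 0

# Constructed labelled training set (1 = malicious, 0 = benign).
TRAINING = [(static_features(build_sample(a)), y) for a, y in [
    (["CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"], 1),
    (["URLDownloadToFileA", "ShellExecuteA", "WriteFile"], 1),
    (["CreateFileW", "ReadFile", "WriteFile"], 0),
    (["MessageBoxW", "CreateFileW"], 0)]]
MODEL = train_perceptron(TRAINING)
SIGNATURES = {hashlib.sha256(DROPPER).hexdigest()}  # only the original sample is "known"
```

Running `signature_detect` and `ml_detect` over `DROPPER`, `DROPPER_VARIANT` and `EDITOR` shows the signature check missing the variant while the feature-based classifier flags both droppers and clears the benign sample.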
