Computing Reviews

Dynamic malware analysis in the modern era--a state of the art survey
Or-Meir O., Nissim N., Elovici Y., Rokach L. ACM Computing Surveys 52(5): 1-48, 2019. Type: Article
Date Reviewed: 05/14/20

Malware is a problem. Its spread within industrial networks and critical infrastructures shows an ever-increasing need for cybersecurity expertise to detect, protect against, and react to infections. Unfortunately, analyzing how malware attacks a network can be an extremely complex task for a small team of cybersecurity specialists, whereas attackers can be highly motivated and, in the worst cases, have practically unlimited resources.

Typically, malware is either statically or dynamically analyzed. However, malware writers can use “various techniques ... to evade static analysis” and “dynamic analysis tools ... are imperfect.” As the article states: “there is no single tool that cover[s] all aspects of malware behavior.”

In this survey, the authors provide a taxonomy of malware, of malware behavior, of the ways malware analysis can be performed, and of the techniques and tools available to perform it. The article concludes with a matrix that summarizes malware behaviors and correlates them with layouts and techniques. Such classifications can greatly help malware analysts choose the best analysis strategy.

Chief information security officers (CISOs), security information and event management (SIEM), and security operations center (SOC) practitioners will benefit from reading this article, as it provides insight into the techniques of both malware authors and malware analysts.

Reviewer: Massimiliano Masi Review #: CR146968 (2008-0191)
