malware analysis

Malware triage for early identification of Advanced Persistent Threat activities

In the last decade, a new class of cyber-threats known as “Advanced Persistent Threat” (APT) has emerged; the term refers to different organizations performing dangerous and effective attacks against financial and political entities, critical infrastructures, etc. In order to identify APT-related malware early, a semi-automatic approach to malware sample analysis is needed. Recently, a malware triage step for a semi-automatic malware analysis architecture has been introduced.

MalFamAware: Automatic Family Identification and Malware Classification Through Online Clustering

The skyrocketing growth rate of new malware brings novel challenges to protecting computers and networks. Discerning truly novel malware from variants of known samples is a way to keep pace with this trend. This can be done by grouping known malware into families by similarity and classifying new samples into those families. As malware and their families evolve over time, approaches based on classifiers trained on a fixed ground truth are not suitable. Other techniques use clustering to identify families, but they need to periodically re-cluster the whole set of samples, which does not scale well.

Survey of Machine Learning Techniques for Malware Analysis

Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the most common approaches in the literature is using machine learning techniques to automatically learn models and patterns behind such complexity, and to develop technologies for keeping pace with the speed of development of novel malware. This survey aims at providing an overview of the way machine learning has been used so far in the context of malware analysis. We systematize surveyed papers according to

© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma