A Survey of Stealth Malware Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions

  title={A Survey of Stealth Malware Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions},
  author={Ethan M. Rudd and Andras Rozsa and Manuel G{\"u}nther and Terrance E. Boult},
  journal={IEEE Communications Surveys \& Tutorials},
As our professional, social, and financial existences become increasingly digitized and as our government, healthcare, and military infrastructures rely more on computer technologies, they present larger and more lucrative targets for malware. Stealth malware in particular poses an increased threat because it is specifically designed to evade detection mechanisms, spreading dormant, in the wild for extended periods of time, gathering sensitive information or positioning itself for a high-impact… 

Figures and Tables from this paper

Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection
A detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade and the evolution of modern threats in the communication networks.
Dynamic Defense Strategy against Stealth Malware Propagation in Cyber-Physical Systems
The extensive simulation results demonstrate that the proposed dynamic defense strategy can achieve a balance between fail-secure ability and fail-safe ability while retarding the stealth malware propagation in CPS.
A basic malware analysis method
  • Ilker Kara
  • Computer Science
    Computer Fraud & Security
  • 2019
Towards Accurate Run-Time Hardware-Assisted Stealthy Malware Detection: A Lightweight, yet Effective Time Series CNN-Based Approach
StealthMiner, a novel specialized time series machine learning-based approach to accurately detect stealthy malware trace at run-time using branch instructions, the most prominent HPC feature, is proposed.
MalAlert: Detecting Malware in Large-Scale Network Traffic Using Statistical Features
This paper investigates malware behaviors and designs a method to detect them relying only on network flow-level data, and shows that despite the coarse-grained information provided by network flows and the imbalance between legitimate and malicious traffic, MalAlert can distinguish between different types of malware.
Dynamic Defense against Stealth Malware Propagation in Cyber-Physical Systems: A Game-Theoretical Framework †
The proposed dynamic defense framework shows its advantage of achieving a balance between fail-secure ability and fail-safe ability while retarding the stealth malware propagation in CPS.
StateDroid: Stateful Detection of Stealthy Attacks in Android Apps via Horn-Clause Verification
This study shows stealthy attacks have been quite common among new-generation malware such as notorious ransomware, and is able to identify 7.5% of recent Google Play apps exhibit unexpected stealthy behaviors.
Robust Malware Detection for Internet of (Battlefield) Things Devices Using Deep Eigenspace Learning
This paper transmute OpCodes into a vector space and applies a deep Eigenspace learning approach to classify malicious and benign applications and presents a deep learning based method to detect Internet of Battlefield Things malware via the device’s Operational Code (OpCode) sequence.


Detecting stealth software with Strider GhostBuster
This paper describes the design and implementation of the Strider GhostBuster tool and demonstrates its efficiency and effectiveness in detecting resources hidden by real-world malware such as rootkits, Trojans, and key-loggers.
Fool Me If You Can: Mimicking Attacks and Anti-Attacks in Cyberspace
It is concluded that mimicking attacks can be discriminated from genuine flash crowds using second order statistical metrics and a new fine correntropy metrics are defined and show its effectiveness compared to others.
Android Security: A Survey of Issues, Malware Penetration, and Defenses
This review gives an insight into the strengths and shortcomings of the known research methodologies and provides a platform, to the researchers and practitioners, toward proposing the next-generation Android security, analysis, and malware detection techniques.
The Cousins of Stuxnet: Duqu, Flame, and Gauss
This paper presents the analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet, and the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can only be decrypted on its target system.
Metamorphic worm that carries its own morphing engine
This project designs and implements a prototype metamorphic worm that carries its own morphing engine and effectively evades signature and HMM-based detection, and considers possible detection strategies.
Modeling malicious activities in cyber space
The work on modeling malicious activities from various perspectives is summarized, the pros and cons of current models are discussed, and promising directions for possible efforts in the near future are presented.
A Virtual Machine Introspection Based Architecture for Intrusion Detection
This paper presents an architecture that retains the visibility of a host-based IDS, but pulls the IDS outside of the host for greater attack resistance, achieved through the use of a virtual machine monitor.
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
The main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively.
Detecting and classifying method based on similarity matching of Android malware behavior with profile
The experiment results demonstrate that Andro-profiler is scalable, performs well in detecting and classifying malware with accuracy greater than 98 %, outperforms the existing state-of-the-art work, and is capable of identifying 0-day mobile malware samples.