Dynamic Features for Robust Malware Detection: A Systematic Review, Taxonomy, and Practical Analysis Framework

The need to mitigate malware attacks cannot be overemphasized, as they pose serious threats to the critical information assets in cyberspace. Understanding and utilizing appropriate malware features is a game changer for implementing a high-performance malware detection system. Static analysis has been applied to malware features, but it has limitations in detecting  obfuscated and evasive malware. The lack of a complete understanding of  malware behavior underscores the need for dynamic analysis, which involves executing malware in an isolated environment to analyse its behaviour at runtime to mitigate attacks. Many existing works in the area of Malware analysis fail to sufficiently explore dynamic malware features, which is the basis for building a high performance malware detection system. This paper provides a detailed and comprehensive overview of the state-of-the-art dynamic malware features relevant for robust malware detection or classification. We systematically reviewed literature on dynamic Malware analysis and the features they utilize for machine learning-based malware analysis. The study also highlights the performance, contributions and limitations of various machine learning techniques proposed for dynamic malware analysis. It also identified and discussed different tools for dynamic malware analysis. This work not only serves as a compendium on the state-of-the-art in dynamic malware analysis but also provides a step-by-step framework for performing dynamic malware analysis. The  improved taxonomy of malware analysis presented in the paper addressed contradictions in existing literature on malware analysis. In general, this paper provides trends and future directions in dynamic malware analysis to offer useful support for further research.