Abstract

Malware, or malicious software, is designed to infiltrate, damage, or disrupt computer systems without user consent. The rapid growth of internet usage has led to a surge in user-generated data, which has, in turn, fuelled an increase in malware-related criminal activities. These developments present significant challenges for securing digital infrastructures. Traditional malware analysis has primarily focused on the detection and binary classification of files as either malicious or safe. However, the increasing complexity of malware, coupled with the rapidly evolving threat landscape, demands more advanced and nuanced approaches for effective threat mitigation and cyber defence strategies. This research provides deeper insights into malware functionalities, behaviours, and the overall threat posed by different malware types, enabling more comprehensive and targeted defence mechanisms. This study examines malware criminality, methodologies, and mitigation strategies, focusing on static malware analysis and API call analysis to enhance threat level prediction. A sample of 55 malware types and 6,293 API calls was analysed to generate detailed insights into malware behaviour. By adopting a "new penology" approach, the research shifts from punitive individual measures toward managing systemic malware risks. Drawing on the "risk society" concept, the research highlights how the emergence of new technologies and global information networks introduces risks that blur the line between social perception and tangible physical threats. Cyber risks, in particular, are shaped by both societal perceptions and real-world dangers, which complicates their management. To address these challenges, this study incorporates socio-technical factors, emphasising the importance of human and organisational elements in cybersecurity.

By integrating technical analysis with social insights, this multidisciplinary framework provides a deeper understanding of how data becomes vulnerable to malware attacks. A key contribution of this research is the development of standardised numerical threat representations, enabling objective comparisons across diverse malware samples. The study advances traditional classification approaches by employing multivariate linear regression to quantify the impact of various malware functionalities on overall threat levels, revealing the significance of sophisticated techniques such as persistence and code execution. A Support Vector Machine (SVM) model further classifies malware into distinct threat levels, achieving an accuracy of 85.5% and enabling precise prioritisation of cybersecurity efforts. These findings underscore the critical role of advanced modelling techniques in enhancing the accuracy of malware threat predictions. Furthermore, the study underscores the importance of collaboration among cybersecurity stakeholders. The proposed Strategic Implementation Framework (SIF), grounded in game theory, addresses key gaps in the existing literature by offering a tailored approach to malware-specific intelligence sharing. This framework highlights the strategic sharing of cyber threat intelligence and proposes its integration into cyber insurance product development as a means to mitigate residual systemic cyber risks effectively. This study works from a modest sample and focuses on static malware analysis, acknowledging that static analysis cannot capture behaviours observable only during execution. Despite this, it provides a foundational step toward standardised, data-driven threat assessments in cybersecurity, offering insights that future research with larger datasets and dynamic analysis could expand and refine.
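The abstract describes turning statically extracted API calls into a numeric threat representation and fitting a multivariate linear regression that weights each functionality category. The following is an added illustration of that pipeline, not the study's code or data: the API-to-category taxonomy, the six samples and their analyst scores are constructed here, and the solver is plain ordinary least squares written without third-party libraries.

```python
# Added illustration, not the study's code or data: counts of statically
# extracted API calls per functionality category form a numeric threat
# representation; ordinary least squares then weights each category.

API_CATEGORY = {  # assumed API-to-category taxonomy, constructed here
    "RegSetValueExW": "persistence", "CreateServiceW": "persistence",
    "VirtualAllocEx": "code_execution", "WriteProcessMemory": "code_execution",
    "CreateRemoteThread": "code_execution", "InternetOpenUrlW": "network",
    "FindFirstFileW": "file_enum"}
CATEGORIES = ("persistence", "code_execution", "network", "file_enum")

SAMPLES = [  # constructed: (API names found in the binary, analyst threat score)
    (["RegSetValueExW", "InternetOpenUrlW"], 5.0),
    (["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CreateServiceW"], 16.0),
    (["FindFirstFileW", "FindFirstFileW", "InternetOpenUrlW"], 3.0),
    (["VirtualAllocEx", "WriteProcessMemory"], 9.0),
    (["CreateServiceW", "FindFirstFileW"], 4.5),
    ([], 1.0),
]

def feature_vector(api_calls):
    """Count API calls per category; names outside the taxonomy are ignored."""
    counts = dict.fromkeys(CATEGORIES, 0)
    for cat in filter(None, map(API_CATEGORY.get, api_calls)):
        counts[cat] += 1
    return [counts[c] for c in CATEGORIES]

def ols_fit(X, y):
    """Solve the normal equations (X^T X) b = X^T y, with an intercept, by Gauss-Jordan."""
    rows = [[1.0] + [float(v) for v in x] for x in X]
    k = len(rows[0])
    aug = [[sum(r[i] * r[j] for r in rows) for j in range(k)]
           + [sum(r[i] * t for r, t in zip(rows, y))] for i in range(k)]
    for col in range(k):
        piv = max(range(col, k), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        if abs(aug[col][col]) < 1e-12:  # collinear feature: no unique fit
            raise ValueError("singular design matrix")
        aug[col] = [v / aug[col][col] for v in aug[col]]
        for r in range(k):
            if r != col:
                f = aug[r][col]
                aug[r] = [a - f * b for a, b in zip(aug[r], aug[col])]
    return [aug[i][k] for i in range(k)]  # [intercept, weight per category]

def fit_threat_model(samples=SAMPLES):
    """Return {'intercept': b0, <category>: weight} fitted on the samples."""
    b = ols_fit([feature_vector(c) for c, _ in samples], [s for _, s in samples])
    return {"intercept": b[0], **dict(zip(CATEGORIES, b[1:]))}
```

On the constructed set the fitted weights rank code execution above persistence, and both well above network and file enumeration, which is the kind of per-functionality ranking the regression in the study is used to produce.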