Attributing a piece of malware to its creator typically requires threat intelligence. Binary attribution is harder still, as it mostly relies on the ability to disassemble binaries in order to identify authorship style. Our survey explores malicious author style and the adversarial techniques authors use to remain anonymous. We examine the impact of these adversarial techniques on state-of-the-art attribution methods. We identify key findings and explore the open research challenges. To mitigate the lack of ground-truth datasets in this domain, we publish alongside this survey the largest and most diverse meta-information dataset to date: 15,660 malware samples labeled to 164 threat actor groups.