A Comprehensive Survey on Polymorphic Malware Analysis: Challenges, Techniques, and Future Directions


Madhavi Satish Avhankar, Janardan Pawar, Vijaya Kumbhar

Abstract

Since the beginning of computing, malicious software has changed dramatically, becoming more complex and elusive. The increase in ransomware attacks has brought attention to the serious risks that malware poses, affecting not only individuals but also organizations, governments, and vital infrastructure such as transportation networks and hospitals. Mitigating these dangers requires early identification of harmful behaviour, yet detecting new and unknown malware is still quite difficult. Malware analysis approaches fall into two main types: static and dynamic. Static analysis examines a file without running it, whereas dynamic analysis observes how the file behaves in a controlled setting. Static analysis is less effective because malware writers use evasion strategies, including dynamic code loading, encryption, and code obfuscation, to avoid detection. Dynamic analysis, by contrast, improves detection capabilities and provides deeper insight into malware behaviour while offering resilience against such evasion tactics. Notwithstanding these benefits, no single method is infallible, and current technologies are not always able to adequately capture the intricacies of polymorphic malware.

This survey thoroughly reviews the methods currently used to analyse polymorphic malware, with an emphasis on their advantages, disadvantages, and room for improvement. By assessing the efficacy of the different analytical methodologies, the study aims to aid the creation of more resilient and flexible malware detection systems.
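The abstract's point that static analysis is undermined by encryption and obfuscation, while dynamic analysis still sees the decoded behaviour, can be made concrete with a small static-analysis demonstration. The following Python block is an added example and is not code from the paper or its authors. It constructs a sample payload containing a readable marker string, scans it with a byte-pattern signature, and then applies a per-sample XOR keystream (a constructed stand-in for the encryption layer the abstract mentions) to show that the same signature no longer matches while a Shannon-entropy heuristic still flags the blob as suspicious. All byte values, the marker text and the `STATIC_SIGNATURES` table are constructed for the demo; no real sample or detection rule is involved.

```python
import math
import random
from collections import Counter

# Constructed sample content (not from the paper): a marker string stands in
# for the byte pattern a signature-based static scanner would look for.
MARKER = b"DELETE ALL BACKUPS"
PLAIN_SAMPLE = b"MZ" + b"ABCD" * 1000 + MARKER + b"ABCD" * 1000

# Constructed signature table: name -> byte pattern.
STATIC_SIGNATURES = {"demo_marker": MARKER}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive data, approaching 8 for random or
    encrypted bytes. High entropy is a classic static hint of packing/encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def signature_hits(data: bytes, signatures: dict) -> list:
    """Return the names of all byte-pattern signatures present in `data`."""
    return [name for name, pattern in signatures.items() if pattern in data]


def encode_variant(data: bytes, seed: int) -> bytes:
    """Constructed stand-in for a per-sample encryption layer: XOR with a
    seeded pseudo-random keystream. A different seed yields a different byte
    image of the same underlying content, which is the polymorphism problem
    static signatures run into."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in data)


def static_verdict(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Combine a signature scan and an entropy check, as a static analyser
    might. Signature hits identify the threat; high entropy only says the
    content is hidden and would need dynamic analysis to be understood."""
    hits = signature_hits(data, STATIC_SIGNATURES)
    ent = shannon_entropy(data)
    return {
        "signature_hits": hits,
        "entropy": round(ent, 2),
        "high_entropy": ent >= entropy_threshold,
        "suspicious": bool(hits) or ent >= entropy_threshold,
    }


if __name__ == "__main__":
    variant_a = encode_variant(PLAIN_SAMPLE, seed=1)
    variant_b = encode_variant(PLAIN_SAMPLE, seed=2)
    for label, blob in [("plain", PLAIN_SAMPLE), ("variant_a", variant_a), ("variant_b", variant_b)]:
        print(label, static_verdict(blob))
```

The plain sample is caught by the signature and has low entropy; both encoded variants evade the signature entirely and differ from each other byte for byte, yet their entropy sits close to 8 bits per byte, so the static verdict can still say "something is hidden here" without being able to say what. Seeing the marker again requires observing the sample after it decodes itself, which is exactly the role the abstract assigns to dynamic analysis.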
