Since the emergence of the first self-replicating software viruses in the 1980s, the history of malware has undergone a rich and fascinating evolution. From curious adolescents experimenting with computers to cyber-criminal orchestrating large-scale attacks, the landscape of malware development and dissemination encompassed a wide array of actors. Computer wizards, university professors, nation-state agencies, and multi-billion dollars corporations further enriches this narrative, reflecting the complex interplay and evolution of technology, society, and computer security.
As today, researchers have worked on the analysis, detection, and classification of malicious software for roughly 40 years. This ongoing effort has led to significant advancements in the understanding of the behavior, characteristics, and limitations of various types of malware, as well as to the development of new approaches to better detect and respond to this fundamental threat. But after thousands and thousands of papers published on this topic,what have we really learned about malware ?
By examining this questions through the lens of existing research, conducted both in my group and by many other researchers around the world, in this talk I try to identify a number of recurring themes and long-lasting challenges. The talk is divided in four parts, respectively covering theoretical studies, solutions for malware detection, analysis techniques, and recent advances in malware classification. Through the exploration of these areas, I will discuss which questions have captivated the most the interest of researchers, emphasizing those for which our community was able to provide concrete answers. Finally, I will discuss my (very personal) list of open questions for the future of malware research.
