Biblio

In this work a time evolution model is used to help categorize malicious samples. This method can be used in anti-malware testing procedures as well as in detecting cyber-attacks. The time evolution mathematical model can help security experts to better understand the behaviour of malware attacks and malware families. It can be used for estimating much better their spreading and for planning the required defence actions against them. The basic time dependent variable of this model is the Ratio of the malicious files within an investigated time window. To estimate the main characteristics of the time series describing the change of the Ratio values related to a specific malicious file, nonlinear, exponential curve fitting method is used. The free parameters of the model were determined by numerical searching algorithms. The three parameters can be used in the information security field to describe more precisely the behaviour of a piece of malware and a family of malware as well. In the case of malware families, the aggregation of these parameters can provide effective solution for estimating the cyberthreat trends.