Short- versus long-term performance of detection models for obfuscated MSOffice-embedded malware.

This paper analyzes the efficiency of various machine learning models (artificial neural networks, random forest, decision tree, AdaBoost and XGBoost) against the evolution of VBA-based (Visual Basic for Applications) malware over a large period of time (1995–2021). The file set used in our research is comprehensive—approximately 1.9 million files (out of which 944,595 are malicious and the rest are benign)—which allowed to gain insights on the resilience of various machine learning models against the diversity and the evolution of file features that reflect obfuscation techniques in VBA-based malware. In studying detection of VBA-based malware, we focus on characteristics of both the classifiers—proactivity (short-term detection efficiency against future malware), endurance (long-term detection robustness)—and of the detection-wise relevant file features—feature perishability (dynamics of feature relevance). We also describe in some detail—as a prerequisite of the study—various obfuscation techniques used by the malware under investigation during the last decade. [ABSTRACT FROM AUTHOR]