Computing Reviews

A survey on malware detection using data mining techniques
Ye Y., Li T., Adjeroh D., Iyengar S. ACM Computing Surveys 50(3): 1-40, 2017. Type: Article
Date Reviewed: 09/22/17

It is not new that software is eating the world [1]. Industries and businesses everywhere are being “softwareized.” Meanwhile, we cannot deny that malware (malicious software) is also having a feast. This paper provides a comprehensive survey of existing technology for malware detection focused on data mining techniques. It starts with a taxonomy, primarily based on common types of malware: viruses, worms, Trojans, spyware, ransomware, scareware, bots, rootkits, and hybrid malware. Then, the paper describes the current state of the (anti-)malware industry.

The study is a bit short on the data mining techniques used. The authors restrict their efforts to describing detections relying on classification and clustering algorithms. On the other hand, the survey does a very good job of summarizing dozens of methods used in the literature. Further, the authors suggest new ideas for future research directions. Notably, they discuss the application of active learning to the task. Such a technique seems more appropriate to deal with a critical problem in the field: data scarcity. While cybercriminals usually cooperate and collaborate to build their malware, their counterparts keep collections of cybercrime data under lock.

The paper ends with a clear conclusion: there is no silver bullet when it comes to malware detection. All classification/clustering techniques have their pros and cons; thus, they will not always perform optimally. This survey serves well as a starting point and initial set of guidelines for people willing to do research in this field.


[1] Andreessen, M. Why software is eating the world. The Wall Street Journal. Aug. 20, 2011, https://www.wsj.com/articles/SB10001424053111903480904576512250915629460.

Reviewer: Klerisson Paixao
Review #: CR145559 (1712-0812)
