Abstract
During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today’s cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware from the early 1980s to date from a software engineering perspective. We analyze the source code of 151 malware samples and obtain measures of their size, code quality, and estimates of the development costs (effort, time, and number of people). Our results suggest an exponential increase of nearly one order of magnitude per decade in aspects such as size and estimated effort, with code quality metrics similar to those of regular software. Overall, this supports otherwise confirmed claims about the increasing complexity of malware and its production progressively becoming an industry.
Notes
1. Available at: http://www.seg.inf.uc3m.es/~accortin/RAID_2016.html.
Acknowledgments
We are very grateful to the anonymous reviewers for constructive feedback and insightful suggestions. This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You), the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks), the Regional Government of Madrid through the N-GREENS Software-CM project S2013/ICE-2731 and by the Spanish Government through the Dedetis Grant TIN2015-7013-R.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Calleja, A., Tapiador, J., Caballero, J. (2016). A Look into 30 Years of Malware Development from a Software Metrics Perspective. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2016. Lecture Notes in Computer Science, vol 9854. Springer, Cham. https://doi.org/10.1007/978-3-319-45719-2_15
DOI: https://doi.org/10.1007/978-3-319-45719-2_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45718-5
Online ISBN: 978-3-319-45719-2
eBook Packages: Computer Science, Computer Science (R0)