Multi-Perspective Mitigation of Large-Scale Cyber-Attacks
Date 7th Nov 2022
Time 09:00 AM
Venue Meeting Room 1 (SSB-233)
PAST EVENT
Details
Cyber-attacks are exploding at an alarming scale. An instrumental tool employed in these attacks is malware (malicious software) that enables adversaries to execute a wide range of offensive maneuvers for financial, social, and political gains. Challenges in countering such malware-induced cyber-attacks are two-fold. First, millions of new malware variants are reported every year. These variants differ in permutations of how, why, where, and when they attack, leading to a large number of diverse malware samples for analysis. Second, there is a lack of ground truth of malware behavior in the wild for research due to the evasive nature of malware in analysis environments.
Addressing such diverse cyber-attacks requires a comprehensive malware analysis and deployment platform that aids in (1) collecting real-world malware behavior; (2) forming labeled datasets that provide diverse perspectives (e.g., how, why, when, and where) of malware activity; (3) developing AI-inspired predictors that exploit different perspectives for best-case detection; and (4) designing security protocols that enable proactive mitigation of large-scale cyber-attacks. To this end, this thesis presents the JUGAAD, RaDaR, SUNDEW, and Net-Police frameworks, which address these four issues, respectively.
JUGAAD is a comprehensive malware behavior-as-a-service platform that enables users to submit malware hashes or programs and retrieve their holistic and precise real-world behavior across the computing stack. RaDaR is an open real-world dataset for multi-perspective analysis of malware. With diverse run-time perspectives, RaDaR can foster multiple verticals in malware research and enable a fair comparison of different solutions. While JUGAAD and RaDaR bridge the gap in ground truth, SUNDEW presents a multi-featured ensemble of specialized predictors that collate diverse run-time perspectives of malware for best-case detection. Finally, Net-Police is a traffic-patrolling methodology to mitigate the impact of large-scale distributed malware attacks on all the affected parties.
Speakers
Ms. Sareena K P, Roll No: CS15D400
CSE