(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 11, No. 7, 2020 Malware Analysis in Web Application Security: An Investigation and Suggestion Abhishek Kumar Pandey 1 Department of Information Technology BBA University Lucknow UP, India Fawaz Alsolami 2 * Computer Science Department King Abdulaziz University Jeddah, Saudi Arabia Abstract—Malware analysis is essentially used for the identification of malware and its objectives. However, the present era has seen the process of malware analysis being used for enhancing security methods for different domains of technology. This study has attempted to analyze the current situation and status of malware analysis in web application security through some objectives. These objectives helps the authors to analyze the purpose, used methodology of malware analysis in web application security previously as well as authors select and find a prioritized technique of malware analysis through a hybrid multi criteria decision making procedure called fuzzy-Analytical Hierarchy Process. This fuzzy-AHP methodology helps the authors to find and recommend a most prioritized malware analysis techniques and type as well as suggest a ranking of various malware analysis techniques that used in web application security frequently for experts and developers use. Furthermore, second section of paper forecast the attack statistics and publication statistics of malwares and malware analysis in web application security respectively for understanding the sensitivity of topic and need of investigation. The proposed tactic intends to be an effective reckoner for web developers and facilitate in malware analysis for securing web applications. Additionally, the study also forecast the publication and attack scenario of malware and malware analysis for web application security that gives a complimentary overview of domain. Keywords—Malware analysis; web application; application security; fuzzy-AHP; forecasting I. INTRODUCTION Ever since the internet came into existence, its use has become expansive and ubiquitous. According to a report of the Internet World State in March 2019, “50.1% of the population in Asia uses the internet, 16.4% of the population uses the internet in Europe, 11.2% in Africa and 7.5% in North America [1]”. These statistics show a marked involvement and effect of internet on the life of people. Nevertheless, internet services also have their defined set of threats and risks. Unfortunately, there has been a massive increase in these threats in the recent years. Data statistics from anti-virus companies and security experts also show the rise of malware and cyber-attacks. Malware is one of the biggest threats for current web applications [2]. Easy accessibility of web is the biggest reason behind the rise of malware attacks against the web. Though the research domain in malware is increasing day by day, the number of attacks and attack-technologies are also increasing simultaneously. Moreover, contending with these emerging attack- technologies has become a formidable challenge for the researchers and investigators in the field of malware analysis. Malware analysis is the process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, Trojan horse, root kit, or backdoor. Defense against malware attacks is malware analysis. Malware analysis is the process of identifying, investigating and measuring the objective, functionality, and the harmful effects of any malware. Malware analysis is a combination of static and dynamic analysis methods. According to a testing lab survey, the success ratio of malware analysis is 96.67% [3]. There are many methods like API chaser, Sandboxing, Call graph method and others for providing accurate malware analysis result. The focus of this Investigation is to summarize and review the previous research work that has been done on malware analysis and find a link for securing web applications through the malware analysis process. It is very important to analyze and classify the previous work done on securing web application through malware analysis properly for helping the future researchers. To the best of our knowledge, very limited work has been done on collating systematic literature reviews in the context of securing web application through malware analysis and other malware analysis related fields. This paper gives an overview of the previous research work done in the cited area and, further, it intends to help the researchers in identifying the areas where investigations need to be done more effectively for containing the harm done through malware attacks. For facilitating an exhaustive investigation, the authors of this study have also classified malware attacks based on different categories, which have been further segregated into sub categories to explain the malware threats. Additionally, the study also categorize and prioritize various malware analysis methodologies through a scientific multi criteria decision making approach (MCDM) called fuzzy-Analytical Hierarchy Process (AHP). Fuzzy-AHP is a verified and effective approach for ranking and prioritizing. The use of fuzzy-AHP for ranking malware analysis methodologies can provide a view and idea to experts and researchers. The results of ranking experiment in proposed study will definitely beneficial for future research endeavors and authors believes that results can also be adopted by malware analysts in order to enhance the malware analysis techniques. *Corresponding Author 191 | Page www.ijacsa.thesai.org