TY - GEN
T1 - Design and prototyping of framework for automated continuous malware collection and analysis
AU - Takeda, Keiji
AU - Mizutani, Masayoshi
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2011
Y1 - 2011
AB - This paper describes the design of a framework for malware collection and analysis. The framework enables researchers to collect malware samples continuously, to develop countermeasures and to generate pattern signatures for detection, so that security analysts and operators can minimize their workload. Five components have been developed: a malware collection unit, a malware database, a dynamic analysis unit, a static analysis unit, and a signature generation and response unit. With a certain level of manual operation these units are functional and reduce the workload of analysts engaged in counter-malware activities. Functionality to manage resources for the integrated units, such as virtual machines and virtual networks, is under development. Automated signature generation is the key to this solution; the proposed approach compares network traffic generated by machines running a malicious executable with innocent traffic collected from a network in daily operation, which is assumed not to contain malicious traffic. With the growing number of newly created malware samples, automation and continuity of counter-malware schemes have become significant issues, and the proposed framework is considered a possible solution to this problem in computer and network security.
KW - Cyber security
KW - malware protection
UR - http://www.scopus.com/inward/record.url?scp=84455210306&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84455210306&partnerID=8YFLogxK
U2 - 10.1109/CCST.2011.6095922
DO - 10.1109/CCST.2011.6095922
M3 - Conference contribution
AN - SCOPUS:84455210306
SN - 9781457709029
T3 - Proceedings - International Carnahan Conference on Security Technology
BT - 2011 Carnahan Conference on Security Technology, ICCST 2011
T2 - 2011 IEEE International Carnahan Conference on Security Technology, ICCST 2011
Y2 - 18 October 2011 through 21 October 2011
ER -
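The differential signature-generation idea in the abstract (keep what the sandboxed sample's traffic exhibits and the clean daily-operation baseline never does), as an added example that is not the paper's code. It assumes flow records reduced to protocol, destination host, destination port and a payload snippet; the feature set, the minimum-support threshold and the sample records are constructed for illustration. It also shows the check a practitioner wants before shipping a signature: replay it against the baseline it was derived from and confirm zero hits, remembering that the whole method rests on the assumption that the baseline is clean.

```python
"""Differential network-signature generation (illustrative, not the paper's code).

Compare traffic captured while a malware sample ran against a baseline captured
from a network assumed to be free of malicious traffic. Features present in the
malware capture but absent from the baseline become candidate signatures.
All records, field names and thresholds below are constructed assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str       # "tcp" / "udp"
    dst_host: str    # destination host or IP
    dst_port: int
    payload: str     # leading application-layer bytes, rendered as text

# Tokens an IDS could match with a content rule: at least 4 printable chars.
TOKEN_RE = re.compile(r"[A-Za-z0-9_./?=&:-]{4,}")


def features(flow):
    """Observable attributes of one flow that a detection rule could match on."""
    feats = {("dst_host", flow.dst_host),
             ("dst_port", f"{flow.proto}/{flow.dst_port}")}
    for tok in TOKEN_RE.findall(flow.payload):
        feats.add(("payload_token", tok))
    return feats


def feature_counts(flows):
    """Number of flows in which each feature occurs (one count per flow)."""
    counts = Counter()
    for f in flows:
        counts.update(features(f))
    return counts


def differential_signatures(malware_flows, baseline_flows, min_support=2):
    """Features seen in at least min_support malware flows and never in the baseline.

    Returned as (feature, support) pairs, most frequent first. Anything the sample
    shares with daily traffic (resolver address, updater hosts, common HTTP verbs)
    is filtered out because it also appears in the baseline.
    """
    mal = feature_counts(malware_flows)
    ben = feature_counts(baseline_flows)
    cands = [(feat, n) for feat, n in mal.items()
             if n >= min_support and feat not in ben]
    cands.sort(key=lambda fn: (-fn[1], fn[0]))
    return cands


def false_positive_rate(sig, baseline_flows):
    """Fraction of baseline flows a single signature would fire on (should be 0)."""
    if not baseline_flows:
        return 0.0
    hits = sum(sig in features(f) for f in baseline_flows)
    return hits / len(baseline_flows)


# Constructed sample data. 10.0.0.53 is the site's resolver; 203.0.113.7 is a
# documentation-range address standing in for a command-and-control server.
BASELINE = [
    Flow("udp", "10.0.0.53", 53, "www.example.com"),
    Flow("tcp", "www.example.com", 80, "GET /index.html HTTP/1.1"),
    Flow("tcp", "www.example.com", 80, "POST /login HTTP/1.1"),
    Flow("tcp", "update.vendor.example", 443, ""),
    Flow("udp", "10.0.0.53", 53, "update.vendor.example"),
]
MALWARE = [
    Flow("udp", "10.0.0.53", 53, "cnc.bad.example"),
    Flow("udp", "10.0.0.53", 53, "cnc.bad.example"),
    Flow("tcp", "203.0.113.7", 8080, "POST /gate.php?id=7f3a HTTP/1.1"),
    Flow("tcp", "203.0.113.7", 8080, "POST /gate.php?id=7f3a HTTP/1.1"),
    Flow("tcp", "203.0.113.7", 8080, "POST /gate.php?id=7f3a HTTP/1.1"),
    Flow("tcp", "update.vendor.example", 443, ""),  # sample also talks to a legit updater
]


if __name__ == "__main__":
    for sig, support in differential_signatures(MALWARE, BASELINE):
        fpr = false_positive_rate(sig, BASELINE)
        print(f"{sig[0]:14s} {sig[1]!r:28s} support={support} baseline_fpr={fpr:.2f}")
```

Running it yields four candidates: the C2 host, the unusual destination port, the beacon URI and the C2 domain in DNS queries; the resolver address, udp/53, "POST" and "HTTP/1.1" are dropped because the baseline also contains them. The port-only candidate is the weakest of the four, and any host the malware shares with legitimate traffic can never surface this way, which is the price of relying on a baseline that is merely assumed, not verified, to be clean.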