Design and prototyping of framework for automated continuous malware collection and analysis

Keiji Takeda, Masayoshi Mizutani

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, the design of a framework for malware collection and analysis is described. The framework enables researchers to collect malware samples for analysis continuously, to develop countermeasures and to generate pattern signatures for detection. By using this framework, security analysts and operators are able to minimize their workload. Five components, a malware collection unit, malware database, dynamic analysis unit, static analysis unit, and signature generation and response unit, have been developed; with a certain level of manual operation these units are functional and are able to reduce the workload of analysts in counter-malware activities. Functionality to manage resources for the integrated units, such as virtual machines and virtual networks, is being developed. Development of automated signature generation would be key for this solution. An approach is proposed which compares network traffic generated by machines running malicious executables with innocent network traffic collected from a network used in daily operation, which is assumed not to include malicious traffic. Under the situation of an increasing number of newly created malware, development of automation and continuity of counter-malware schemes has been a significant issue. This proposed framework is considered a possible solution for such problems in the area of computer and network security.
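As an added illustration of the traffic-differencing idea in the abstract (this is not code from the paper), the snippet below keeps a traffic feature as a signature candidate only when it recurs across sandbox flows and never appears in the benign daily-operation baseline. The flow records, IP address, hostnames and the User-Agent string are constructed sample values.

```python
# Differential signature generation: keep features that recur in malware-sandbox
# flows and are absent from the benign baseline capture (constructed data below).
from collections import Counter

# Constructed sample flows, not real captures: (dst_port, payload_text).
MALWARE_FLOWS = [
    (80, "GET /gate.php?id=1 HTTP/1.1\r\nHost: 198.51.100.7\r\nUser-Agent: EXAMPLE-BOT/1.0\r\n\r\n"),
    (80, "GET /gate.php?id=2 HTTP/1.1\r\nHost: 198.51.100.7\r\nUser-Agent: EXAMPLE-BOT/1.0\r\n\r\n"),
    (80, "POST /gate.php HTTP/1.1\r\nHost: 198.51.100.7\r\nUser-Agent: EXAMPLE-BOT/1.0\r\n\r\n"),
    (80, "GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),  # connectivity check
    (443, ""),  # TLS flow, payload opaque: only the port is observable
]
BENIGN_FLOWS = [
    (80, "GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    (80, "GET /index.html HTTP/1.1\r\nHost: intranet.example.net\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    (443, ""),
]

def features(flow):
    """Turn one flow into matchable tokens: port, URI path, Host and User-Agent."""
    dport, payload = flow
    tokens = {f"dport:{dport}"}
    lines = payload.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        tokens.add(f"uri:{parts[1].split('?')[0]}")  # drop query: per-victim ids vary
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep and name.lower() in ("host", "user-agent"):
                tokens.add(f"{name.lower()}:{value.strip()}")
    return tokens

def _counts(malicious, benign):
    mal = Counter(t for f in malicious for t in features(f))
    ben = Counter(t for f in benign for t in features(f))
    return mal, ben

def signature_candidates(malicious, benign, min_mal_count=2):
    """Features in >= min_mal_count malicious flows and in no benign flow."""
    mal, ben = _counts(malicious, benign)
    return sorted((t, n) for t, n in mal.items() if n >= min_mal_count and t not in ben)

def suppressed_by_baseline(malicious, benign, min_mal_count=2):
    """Recurring malicious features dropped because benign traffic also has them."""
    mal, ben = _counts(malicious, benign)
    return sorted(t for t, n in mal.items() if n >= min_mal_count and t in ben)

def matches(flow, candidates):
    """Tokens of a new flow that hit any candidate signature (empty list = no alert)."""
    return sorted(features(flow) & {t for t, _ in candidates})
```

Without the baseline, `dport:80` would have become a signature and alerted on all ordinary web traffic; with it, only the gate path, host and agent string survive.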

Original language: English
Title of host publication: Proceedings - International Carnahan Conference on Security Technology
DOIs: 10.1109/CCST.2011.6095922
Publication status: Published - 2011
Event: 2011 IEEE International Carnahan Conference on Security Technology, ICCST 2011 - Barcelona, Spain
Duration: 2011 Oct 18 to 2011 Oct 21

Other

Other: 2011 IEEE International Carnahan Conference on Security Technology, ICCST 2011
Country: Spain
City: Barcelona
Period: 11/10/18 to 11/10/21

Fingerprint

  • workload
  • automation
  • functionality
  • continuity
  • Network security
  • Static analysis
  • Security of data
  • Malware
  • traffic
  • Dynamic analysis
  • Automation
  • resources
  • Virtual machine

Keywords

  • Cyber security
  • malware protection

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Law

Cite this

Takeda, K., & Mizutani, M. (2011). Design and prototyping of framework for automated continuous malware collection and analysis. In Proceedings - International Carnahan Conference on Security Technology [06095922] https://doi.org/10.1109/CCST.2011.6095922

@inproceedings{94b7b3333fa240b88e957150fc63a7d5,
title = "Design and prototyping of framework for automated continuous malware collection and analysis",
abstract = "In this paper, design of a framework for malware collection and analysis is described. The framework enables researchers to collect malware samples for analysis continuously, to develop counter measures and to generate pattern signatures for detection. By using this framework security analysts and operators are able to minimize their workload. Five components of malware collection unit, malware database, dynamic analysis unit, static analysis unit, signature generation and response unit have been developed and with certain level of manual operation these units are functional and are able to reduce workload of analysts for counter malware activities. Functionality to manage resources for integrated units such as virtual machines, virtual networks etc is being developed. Development of automated generation of signature would be key for this solution. An approach which compare network traffic generated by machines with malicious executable running and innocent network traffic collected from network used in daily operation which is assumed not to include malicious traffic is proposed. Under the situation with increasing number of newly created malware development of automation and continuity of counter malware scheme has been significant issues. This proposed framework is considered possible solution for such problem in the area of computer and network security.",
keywords = "Cyber security, malware protection",
author = "Keiji Takeda and Masayoshi Mizutani",
year = "2011",
doi = "10.1109/CCST.2011.6095922",
language = "English",
isbn = "9781457709029",
booktitle = "Proceedings - International Carnahan Conference on Security Technology",

}

TY - GEN

T1 - Design and prototyping of framework for automated continuous malware collection and analysis

AU - Takeda, Keiji

AU - Mizutani, Masayoshi

PY - 2011

Y1 - 2011

AB - In this paper, design of a framework for malware collection and analysis is described. The framework enables researchers to collect malware samples for analysis continuously, to develop counter measures and to generate pattern signatures for detection. By using this framework security analysts and operators are able to minimize their workload. Five components of malware collection unit, malware database, dynamic analysis unit, static analysis unit, signature generation and response unit have been developed and with certain level of manual operation these units are functional and are able to reduce workload of analysts for counter malware activities. Functionality to manage resources for integrated units such as virtual machines, virtual networks etc is being developed. Development of automated generation of signature would be key for this solution. An approach which compare network traffic generated by machines with malicious executable running and innocent network traffic collected from network used in daily operation which is assumed not to include malicious traffic is proposed. Under the situation with increasing number of newly created malware development of automation and continuity of counter malware scheme has been significant issues. This proposed framework is considered possible solution for such problem in the area of computer and network security.

KW - Cyber security

KW - malware protection

UR - http://www.scopus.com/inward/record.url?scp=84455210306&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84455210306&partnerID=8YFLogxK

U2 - 10.1109/CCST.2011.6095922

DO - 10.1109/CCST.2011.6095922

M3 - Conference contribution

AN - SCOPUS:84455210306

SN - 9781457709029

BT - Proceedings - International Carnahan Conference on Security Technology

ER -