http://dx.doi.org/10.13089/JKIISC.2017.27.3.563

Study of Pre-Filtering Factor for Effectively Improving Dynamic Malware Analysis System  

Youn, Kwang-Taek (Korea University)
Lee, Kyung-Ho (Korea University)
Abstract
Thanks to the reach of the Internet and the growth in computing capability, roughly one million new or variant malware samples are discovered per day. Because attackers rely on unknown malware that signature-based anti-virus does not detect, companies use dynamic analysis, such as behaviour analysis in virtual machines, to detect it. A growing share of malware, however, arrives not only as PE (Portable Executable) files but also as non-PE documents such as MS Word or PDF files, so dynamic analysis needs more resources and computing power to keep its detection rate effective. This study derives evaluation factors for a pre-filtering system that makes a dynamic malware analysis system more effective, and presents and verifies a decision-making model and a formula for solution selection using the AHP (Analytic Hierarchy Process).
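To make the AHP step concrete, the following is an added worked example and not code from the paper. The four evaluation criteria, the pairwise judgements and the three candidate pre-filters are constructed placeholders, not the factors or weights the study elicits. It builds Saaty's reciprocal comparison matrix from upper-triangle judgements, derives the priority weights as the principal eigenvector (power iteration), checks the consistency ratio against the random index, and synthesises a weighted-sum ranking of the candidates.

```python
"""Worked AHP (Analytic Hierarchy Process) example for ranking candidate
pre-filtering solutions in front of a dynamic malware analysis pipeline.

Pure Python, no third-party dependencies. All criteria, judgements and
candidate scores below are constructed for illustration; they are not the
factors or weights elicited in the paper.
"""

# Saaty's random consistency index (RI) for n x n matrices, n = 1..10.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def reciprocal_matrix(n, judgements):
    """Build the full n x n pairwise comparison matrix from upper-triangle
    judgements {(i, j): a_ij} with i < j, where a_ij says how much more
    important criterion i is than j on Saaty's 1..9 scale. The lower
    triangle holds the reciprocals and the diagonal is 1."""
    m = [[1.0] * n for _ in range(n)]
    for (i, j), v in judgements.items():
        m[i][j] = float(v)
        m[j][i] = 1.0 / v
    return m


def priority_vector(matrix, iterations=200, tol=1e-12):
    """Normalised principal eigenvector of a positive reciprocal matrix,
    computed by power iteration. These are the AHP priority weights."""
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        new_w = [x / total for x in aw]
        converged = max(abs(a - b) for a, b in zip(new_w, w)) < tol
        w = new_w
        if converged:
            break
    return w


def consistency_ratio(matrix, w):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1). Judgement sets with
    CR > 0.10 are conventionally considered too inconsistent to use."""
    n = len(matrix)
    if n <= 2:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def rank_alternatives(weights, local_priorities):
    """Weighted-sum synthesis: each alternative's local priority under each
    criterion times that criterion's weight, sorted best first."""
    scores = {alt: sum(w * p for w, p in zip(weights, prios))
              for alt, prios in local_priorities.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def demo():
    """Hypothetical evaluation: four constructed criteria, three constructed
    candidate pre-filters. Returns weights, CR and ranking for inspection."""
    criteria = ["non-PE coverage", "throughput", "evasion resistance", "integration cost"]
    # Constructed judgements: criterion i is a_ij times as important as j.
    judgements = {(0, 1): 3, (0, 2): 2, (0, 3): 5,
                  (1, 2): 1 / 2, (1, 3): 3,
                  (2, 3): 4}
    a = reciprocal_matrix(len(criteria), judgements)
    weights = priority_vector(a)
    cr = consistency_ratio(a, weights)
    # Constructed local priorities of each candidate under each criterion
    # (each criterion's column sums to 1, as if derived from its own AHP matrix).
    candidates = {
        "sandbox-vendor-A": [0.55, 0.20, 0.35, 0.20],
        "open-source-B":    [0.25, 0.50, 0.25, 0.30],
        "appliance-C":      [0.20, 0.30, 0.40, 0.50],
    }
    ranking = rank_alternatives(weights, candidates)
    return {"criteria": criteria, "weights": weights, "cr": cr, "ranking": ranking}


if __name__ == "__main__":
    result = demo()
    for name, w in zip(result["criteria"], result["weights"]):
        print(f"{name:20s} {w:.3f}")
    verdict = "ok" if result["cr"] < 0.1 else "revise judgements"
    print(f"consistency ratio: {result['cr']:.3f} ({verdict})")
    for alt, score in result["ranking"]:
        print(f"{alt:18s} {score:.3f}")
```

The consistency check is the part practitioners most often skip: a reciprocal matrix filled in by several evaluators can still produce a neat-looking weight vector while being internally contradictory, and a CR above 0.10 means the pairwise judgements should be revisited before the weights are used to compare vendors.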
Keywords
Dynamic Analysis; Malware; Effectiveness; AHP; APT;
Citations & Related Records
Times Cited By KSCI: 1
1 Symantec, "Internet Security Threat Report," Vol. 22, Apr. 2017. https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf
2 Michael Riley, Ben Elgin, Dune Lawrence and Carol Matlack, "Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It," Bloomberg, Mar. 2014. https://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data
3 Candid Wueest, "Threats to Virtual Environments," Symantec, 2015. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/threats_to_virtual_environments.pdf
4 Saaty, T. L., "The Analytic Hierarchy Process," McGraw-Hill, New York, 1980.
5 Chun-Chin Wei, Chen-Fu Chien, Mao-Jiun J. Wang, "An AHP-Based Approach to ERP System Selection," Elsevier, pp. 47-62, 2004.
6 Shin-Pil Shin, "An analytic hierarchy process (AHP) approach to selection of implementation mode of mobile office system," Seoul National University of Science and Technology, July 2013.
7 Gorecki, Christian, et al., "TrumanBox: Improving dynamic malware analysis by emulating the Internet," Symposium on Self-Stabilizing Systems, Springer Berlin Heidelberg, 2011.
8 Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, "Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains," Leading Issues in Information Warfare & Security Research, 2011.
9 Moshchuk, Alexander, et al., "A Crawler-based Study of Spyware in the Web," NDSS, Vol. 1, 2006.
10 Pareek, Himanshu, Sandeep Romana, and P. R. L. Eswari, "Application whitelisting: approaches and challenges," International Journal of Computer Science, Engineering and Information Technology (IJCSEIT) 2.5, 2012.
11 Chen, Xu, et al., "Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware," IEEE International Conference on Dependable Systems and Networks (DSN 2008), IEEE, 2008.
12 Bayer, Ulrich, et al., "Dynamic analysis of malicious code," Journal in Computer Virology 2.1 (2006): 67-77.
13 Dinaburg, Artem, et al., "Ether: malware analysis via hardware virtualization extensions," Proceedings of the 15th ACM Conference on Computer and Communications Security, ACM, 2008.
14 Bayer, Ulrich, Engin Kirda, and Christopher Kruegel, "Improving the efficiency of dynamic malware analysis," Proceedings of the 2010 ACM Symposium on Applied Computing, ACM, 2010.
15 Egele, Manuel, et al., "A survey on automated dynamic malware-analysis techniques and tools," ACM Computing Surveys (CSUR) 44.2 (2012): 6.
16 Rieck, Konrad, et al., "Automatic analysis of malware behavior using machine learning," Journal of Computer Security 19.4 (2011): 639-668.
17 Grance, Timothy, Marc Stevens, and Marissa Myers, "Guide to selecting information technology security products," Network Security, 2003.
18 Mamaghani, Farrokh, "Evaluation and selection of an antivirus and content filtering software," Information Management & Computer Security 10.1 (2002): 28-32.
19 Lengyel, Tamas K., et al., "Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system," Proceedings of the 30th Annual Computer Security Applications Conference, ACM, 2014.
20 Godse, Manish, and Shrikant Mulik, "An approach for selecting software-as-a-service (SaaS) product," IEEE International Conference on Cloud Computing (CLOUD '09), IEEE, 2009.
21 Bayer, Ulrich, Christopher Kruegel, and Engin Kirda, "TTAnalyze: A tool for analyzing malware," 2006.
22 Gorecki, Christian, et al., "TrumanBox: Improving dynamic malware analysis by emulating the Internet," Symposium on Self-Stabilizing Systems, Springer Berlin Heidelberg, 2011.
23 https://www.symantec.com/products/endpoint-hybrid-cloud-security/endpoint/endpoint-protection
24 Kwon Jonghoon, et al., "Metamorphic Malware Detection using Subgraph Matching," Journal of the Korea Institute of Information Security & Cryptology 21.2 (2011): 37-47.
25 NIST SP 800-167, "Guide to Application Whitelisting." http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf
26 Suk-Won Lee, "Decision Making Model for Selecting Financial Company Server Privilege Account Operations," Journal of the Korea Institute of Information Security & Cryptology 25(6): 1607-1620, Dec. 2014.
27 https://www.virustotal.com/
28 https://usa.kaspersky.com/enterprisesecurity/endpoint
29 https://www.carbonblack.com/products/cb-protection/
30 https://www.mcafee.com/us/solutions/dynamic-endpoint-threat-defense.aspx
31 https://www.cylance.com/en_us/products/our-products/protect.html
32 https://www.invincea.com/solution-overview/