DocumentCode
1597692
Title
Architecture for automation of malware analysis
Author
Branco, Rodrigo Rubira ; Shamir, Udi
fYear
2010
Firstpage
106
Lastpage
112
Abstract
Malware Analysis is the top trend in the security industry. The number of new malware samples and toolkits for automated malware generation is growing exponentially, whereas the analysis capacity and knowledge are going down. In this paper we are going to discuss the infrastructure we created for malware analysis, with network dissection of traffic and execution of samples on multiple virtual machines, or on real ones if required. The architecture performs fast analysis, comparing the results of multiple different anti-viruses, and uses customized kernel drivers, loaders and a clustered environment. New machines can be easily added to increase performance. Dispatchers, memory dumpers and dissectors are going to be discussed, as well as the results we got in our live lab.
Keywords
invasive software; software architecture; analysis capacity; antivirus; automated malware generation; kernel drivers; malware analysis; multiple virtual machines; security industry; Computer architecture; Driver circuits; Kernel; Malware; Protocols; Virtual machining; Malware; Reverse Engineering; Virus;
fLanguage
English
Publisher
ieee
Conference_Titel
Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
Conference_Location
Nancy, Lorraine
Print_ISBN
978-1-4244-9353-1
Type
conf
DOI
10.1109/MALWARE.2010.5665786
Filename
5665786