DocumentCode :
1597692
Title :
Architecture for automation of malware analysis
Author :
Branco, Rodrigo Rubira ; Shamir, Udi
fYear :
2010
Firstpage :
106
Lastpage :
112
Abstract :
Malware analysis is the top trend in the security industry. The number of new malware samples and of toolkits for automated malware generation is growing exponentially, whereas analysis capacity and knowledge are declining. In this paper we discuss the infrastructure we created for malware analysis, with dissection of network traffic and execution of samples on multiple virtual machines, or on real machines where required. The architecture performs fast analysis, compares the results of multiple different anti-virus engines, and uses customized kernel drivers, loaders and a clustered environment; new machines can be added easily to increase throughput. Dispatchers, memory dumpers and dissectors are discussed, as well as the results obtained in our live lab.
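The abstract names two pieces of the architecture without detail: a dispatcher that fans samples out to analysis nodes, and a comparison of verdicts across several anti-virus engines. The following is an added illustration of that pattern, written for this page and not taken from the paper or the authors' lab: samples are deduplicated by SHA-256, each unique sample is handed to every registered engine in parallel, and the per-engine verdicts are compared so that disagreements (some engines flag, others do not) are surfaced for a human analyst. The three "engines" are constructed stand-ins that each key on a different byte pattern, and the sample bytes are constructed, not real malware.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Dict, List

# A "scanner" is any callable mapping sample bytes to a verdict string:
# "clean" or a detection name. These three are constructed stand-ins for
# real engines (assumption for this example); each keys on a different
# pattern so the engines can disagree, which is what the comparison surfaces.
Scanner = Callable[[bytes], str]

def scanner_a(data: bytes) -> str:
    return "Trojan.Generic" if b"cmd.exe /c" in data else "clean"

def scanner_b(data: bytes) -> str:
    return "Downloader.Agent" if b"URLDownloadToFile" in data else "clean"

def scanner_c(data: bytes) -> str:
    return "Suspicious.Packed" if data.startswith(b"MZ") and b"UPX" in data else "clean"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Report:
    sha256: str
    verdicts: Dict[str, str]          # engine name -> verdict

    def detections(self) -> Dict[str, str]:
        # Engine errors are recorded but not counted as detections.
        return {e: v for e, v in self.verdicts.items()
                if v != "clean" and not v.startswith("error:")}

    def disputed(self) -> bool:
        # Some engines flag the sample and others do not: worth a human look.
        n = len(self.detections())
        return 0 < n < len(self.verdicts)

class Dispatcher:
    def __init__(self, scanners: Dict[str, Scanner], workers: int = 4):
        self.scanners = scanners
        self.workers = workers
        self.reports: Dict[str, Report] = {}   # cache keyed by SHA-256

    def _scan_all(self, data: bytes) -> Dict[str, str]:
        # A failing engine becomes an "error:" verdict instead of aborting
        # the whole job; the other engines' results are still kept.
        out: Dict[str, str] = {}
        for name, scan in self.scanners.items():
            try:
                out[name] = scan(data)
            except Exception as exc:  # noqa: BLE001
                out[name] = f"error:{type(exc).__name__}"
        return out

    def analyze(self, samples: List[bytes]) -> Dict[str, Report]:
        # Deduplicate by hash so each unique sample is analysed once even if
        # it was submitted many times (common with mass-generated variants).
        pending: Dict[str, bytes] = {}
        for s in samples:
            sha = sha256_hex(s)
            if sha not in self.reports:
                pending.setdefault(sha, s)
        with ThreadPoolExecutor(max_workers=self.workers) as pool:
            futures = {sha: pool.submit(self._scan_all, data)
                       for sha, data in pending.items()}
            for sha, fut in futures.items():
                self.reports[sha] = Report(sha, fut.result())
        return {sha256_hex(s): self.reports[sha256_hex(s)] for s in samples}

def disputed_samples(reports: Dict[str, Report]) -> List[str]:
    return sorted(sha for sha, r in reports.items() if r.disputed())

# Constructed sample bytes (not real malware): one "packed dropper" that
# two of the three engines flag, one benign blob, and a duplicate submission.
PACKED_DROPPER = b"MZ\x90\x00UPX0...cmd.exe /c whoami"
BENIGN = b"hello world"

def demo() -> Dict[str, Report]:
    engines = {"engine_a": scanner_a, "engine_b": scanner_b, "engine_c": scanner_c}
    return Dispatcher(engines).analyze([PACKED_DROPPER, BENIGN, PACKED_DROPPER])

if __name__ == "__main__":
    for sha, rep in demo().items():
        flag = "DISPUTED" if rep.disputed() else "agreed"
        print(sha[:12], flag, rep.verdicts)
```

The thread pool stands in for the cluster of analysis machines; in a real deployment each engine call would be a job sent to a VM (or a bare-metal node, as the abstract allows) rather than an in-process function, but the dedup-by-hash, per-engine error isolation and disputed-verdict reporting are the parts that carry over unchanged.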
Keywords :
invasive software; software architecture; analysis capacity; antivirus; automated malware generation; kernel drivers; malware analysis; multiple virtual machines; security industry; Computer architecture; Driver circuits; Kernel; Malware; Protocols; Virtual machining; Reverse Engineering; Virus;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
Conference_Location :
Nancy, Lorraine
Print_ISBN :
978-1-4244-9353-1
Type :
conf
DOI :
10.1109/MALWARE.2010.5665786
Filename :
5665786