  • DocumentCode
    238357
  • Title
    VirusBattle: State-of-the-art malware analysis for better cyber threat intelligence
  • Author
    Miles, Craig ; Lakhotia, Arun ; LeDoux, Charles ; Newsom, Aaron ; Notani, Vivek
  • Author_Institution
    Center for Adv. Comput. Studies, Univ. of Louisiana at Lafayette, Lafayette, LA, USA
  • fYear
    2014
  • fDate
    19-21 Aug. 2014
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Discovered interrelationships among instances of malware can be used to infer connections among seemingly unconnected objects, including actors, machines, and the malware itself. However, such malware interrelationships are currently underutilized in the cyber threat intelligence arena. To fill that gap, we are developing VirusBattle, a system employing state-of-the-art malware analyses to automatically discover interrelationships among instances of malware. VirusBattle analyses mine malware interrelationships over many types of malware artifacts, including the binary, code, code semantics, dynamic behaviors, malware metadata, distribution sites and e-mails. The result is a malware interrelationships graph which can be explored automatically or interactively to infer previously unknown connections.
  • Keywords
    computer viruses; data mining; graph theory; VirusBattle; binary; code semantics; cyber threat intelligence; distribution sites; dynamic behaviors; e-mails; malware analysis; malware artifacts; malware interrelationship mining; malware interrelationships graph; malware metadata; Computers; Data visualization; Electronic mail; Malware; Performance analysis; Semantics; Visualization
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Resilient Control Systems (ISRCS), 2014 7th International Symposium on
  • Conference_Location
    Denver, CO
  • Type
    conf
  • DOI
    10.1109/ISRCS.2014.6900103
  • Filename
    6900103