Insights gained from constructing a large scale dynamic analysis platform
| Author: | DeMarcus Montrez Thomas, Henry Cook, Chris Lanclos, Dae Glendowne, Cody Miller, Patrick Pape |
|---|---|
| Year of publication: | 2017 |
| Subject: | 021110 strategic defence & security studies; SIMPLE (military communications protocol); Process (engineering); Computer science; Scale (chemistry); Distributed computing; 0211 other engineering and technologies; 02 engineering and technology; computer.software_genre; Computer security; Computer Science Applications; Medical Laboratory Technology; 020204 information systems; Scalability; 0202 electrical engineering, electronic engineering, information engineering; Malware; Cuckoo sandbox; Law; computer |
| Source: | Digital Investigation. 22:S48-S56 |
| ISSN: | 1742-2876 |
| DOI: | 10.1016/j.diin.2017.06.007 |
| Description: | As the number of malware samples found increases exponentially each year, there is a need for systems that can dynamically analyze thousands of malware samples per day. These systems should be reliable, scalable, and simple to use by other systems and malware analysts. When handling thousands of malware samples, reprocessing even a small percentage of them due to errors can be devastating; a reliable system avoids wasting resources by reducing the number of errors. In this paper, we describe our scalable dynamic analysis platform, perform experiments on the platform, and provide lessons we have learned through the process. The platform uses Cuckoo sandbox for dynamic analysis and is improved to process malware as quickly as possible without losing valuable information. Experiments were performed to improve the configuration of the system's components and help improve the accuracy of the dynamic analysis. The lessons learned presented in the paper may aid others in the development of similar dynamic analysis systems. |
| Database: | OpenAIRE |
| External link: | |