International Journal On Advances in Security, volume 6, numbers 1 and 2, 2013


Towards Next Generation Malware Collection and Analysis

Authors:
Christian Martin Fuchs
Martin Brunner

Keywords: malware collection; malware analysis and defense

Abstract:
The fast-paced evolution of malware has exposed severe limitations of traditional collection and analysis concepts. Nevertheless, a majority of the anti-malware industry still relies on these ineffective concepts and invests much effort into temporarily patching their most obvious shortcomings. Repairing outdated concepts is ultimately insufficient for combating highly sophisticated future malicious software, so new approaches are required. One such approach is AWESOME, a novel integrated honeypot-based malware collection and analysis framework. The goal of our collection and analysis system is to retrieve information about the internal logic of malware in order to emulate protocols, and subsequently network resources, sufficiently well in real time. If the protocol emulation components are trained sufficiently, a larger setup could even allow malware to be analysed in an isolated environment, thus offering side-effect-free analysis and a better understanding of current and emerging malware. In this paper, we present in-depth information on this concept as well as first practical results and a proof of concept, indicating the feasibility of our approach. We describe many of the components of AWESOME in detail and also show how protocol detection and emulation are conducted.

Pages: 32 to 48

Copyright: Copyright (c) to authors, 2013. Used with permission.

Publication date: June 30, 2013

Published in: journal

ISSN: 1942-2636