The Malware Analysis Body of Knowledge (MABOK)
نویسنده
چکیده
The ability to forensically analyse malicious software (malware) is becoming an increasingly important discipline in the field of Digital Forensics. This is because malware is becoming stealthier, targeted, profit driven, managed by criminal organizations, harder to detect and much harder to analyse. Malware analysis requires a considerable skill set to delve deep into malware internals when it is designed specifically to detect and hinder such attempts. This paper presents a foundation for a Malware Analysis Body of Knowledge (MABOK) that is required to successfully forensically analyse malware. This body of knowledge has been the result of several years of research into malware dissection.
منابع مشابه
DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware files. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In t...
متن کاملRevisiting Static Analysis of Android Malware
The mobile malware threat is fought by both static and dynamic analysis, two complementary approaches in need of constant sharpening. In this paper, static analysis is revisited to update and deepen knowledge about Android malware, correlate malicious samples through common artifacts, and further understand malware developers’ modus operandi. By looking at more than 200,000 malware samples, our...
متن کاملSupporting Knowledge-assisted Rule Creation in a Behavior-based Malware Analysis Prototype
The ever increasing number of malicious software (malware) requires domain experts to shift their analysis process towards more individualized approaches to acquire more information about presently unknown malware samples. KAMAS is a knowledge-assisted visual analytics prototype for behavioral malware analysis, which allows IT-security experts to categorize and store potentially harmful system ...
متن کاملAn automated approach to analysis and classification of Crypto-ransomwares’ family
There is no doubt that malicious programs are one of the permanent threats to computer systems. Malicious programs distract the normal process of computer systems to apply their roguish purposes. Meanwhile, there is also a type of malware known as the ransomware that limits victims to access their computer system either by encrypting the victimchr('39')s files or by locking the system. Despite ...
متن کاملA knowledge-assisted visual malware analysis system: Design, validation, and reflection of KAMAS
IT-security experts engage in behavior-based malware analysis in order to learn about previously unknown samples of malicious software (malware) or malware families. For this, they need to find and categorize suspicious patterns from large collections of execution traces. Currently available systems do not meet the analysts’ needs which are described as: visual access suitable for complex data ...
متن کامل