A user driven cloud based multisystem malware detection system

Using compromised or malicious sites to launch attacks against client systems is a growing attack vector in today’s threat landscape. Attackers are able to stand up new sites at an alarming rate while client systems are constantly evolving, and exposing new vulnerabilities that are able to be exploited by an attacker. Additionally, client systems are growing in value for attackers as they often contain personal information, banking information, and passwords. Historically, analyzing new sites for malicious content has been a very manual process or an automated process where the end users’ needs were removed from the process. This thesis explores the power of cloud computing technologies capability of real time malware analysis and bringing the user back into the analysis process by using the user’s browsing activity to generate URLs for analysis. This paper examines the design of such a system as well as the results of the prototype of the system. Using a single prototype machine, it is experimentally shown that cloud computing technology is capable of performing an analysis of web sites in near real time. The prototype system performed experiments with two operating systems (Windows 7 and Lubuntu Linux) as well as machine learning algorithms to gather the latency and throughput. The average analysis time for the prototype system was less than 0.5 seconds with a single virtual machine having a throughput of around 1,000 sites per hour. In addition, the technology presented by this thesis is scalable as many virtual machines are capable of being spun up on a single piece of hardware. .