Developing malware evaluation infrastructure
Krzysztof Cabaj, Piotr Gawkowski, Konrad Grochowski, Amadeusz Kosik
Citation: Proceedings of the 2016 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 8, pages 981–989 (2016)
Abstract. Malware evaluation is a key factor in security. It supposed to be safe and accurate. The contemporary malware is very sophisticated. Usually it uses complex distributed infrastructure an investigation of which is a very challenging task. In the paper, the development of the testbeds toward malware and its infrastructure evaluation is presented. Based on the real-life experience with the subsequent CryptoWall generations analysis, the MESS evaluation system is introduced. A rich set of analytical results is discussed. A new methods of visualization for malware artefacts analysis are given.
- McAffe Labs, Threats Report, May 2015, http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2015.pdf
- Symantec, Internet Threat Report, April 2015, www4.symantec.com/mktginfo/whitepaper/ISTR/21347932_ GA-internet-security-threat-report-volume-20-2015-social_v2.pdf
- A. Kharraz, W. Robertson, D. Balzarotti, L. Bilge and E. Kirda, “Cutting the gordian knot: A look under the hood of ransomware attacks,” DIMVA 2015, 12th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 9-10, 2015, Milan, Italy, http://dx.doi.org/10.1007/978-3-319-20550-2_1
- K. Cabaj, P. Gawkowski, K. Grochowski, and D. Osojca, “Network activity analysis of CryptoWall ransomware”, Przegląd Elektrotechniczny, Vol 91, No 11, 2015, http://dx.doi.org/10.15199/48.2015.11.48
- E. Skoundis and L. Zeltser, Malware. Fighting Malicious Code, Pearson Education Inc. ; 2004.
- U. Bayer, A. Moser, Ch. Kruegel and E. Kirda, “Dynamic analysis of malicious code,” J. in Comp. Virology, vol. 2, 2006, pp 67-77., http://dx.doi.org/10.1007/s11416-006-0012-2
- X. Chen, J. Andersen, Z.M. Mao, M. Bailey and J. Nazario, “Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware,” in IEEE Int’l Conf. on Dependable Systems and Networks, 2008, pp. 177-186., http://dx.doi.org/10.1109/DSN.2008. 4630086
- P. Ferrie, The “Ultimate” Anti-Debugging Reference, 2011 http://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf
- K. Cabaj, Management System for Dynamic Analysis of Malicious Software, Information Systems In Management, 2015
- Cuckoo Sandbox website, https://www.cuckoosandbox.org, May, 2016
- Process Monitor website, https://technet.microsoft.com/pl-pl/sysinternals/bb896645.aspx, May, 2016