StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Investigating Dynamic Malware Analysis Tool - Research Proposal Example

Cite this document
Summary
The paper "Investigating Dynamic Malware Analysis Tool" discusses that Symantec has released “Digital Immune System” incorporated in Norton corporate antivirus edition. After the system suspects virus-like activity, a sample is instantly uploaded and submitted to the center of analysis…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.1% of users find it useful
Investigating Dynamic Malware Analysis Tool
Read Text Preview

Extract of sample "Investigating Dynamic Malware Analysis Tool"

Malware Detection Affiliation Malware detection Task Research Limitation Malware has evolved into a more lethal threat by use of multiple vectors to launch attacks and exploit both unknown and known computer vulnerabilities and can infest prescanned files and folders with lightning speed. It will be expedient to equip scanners for the detection of evolved or mutated (metamorphic), and variant or obfuscated (polymorphic) malware versions (Mukkamala, Sulaiman, Chavez, & Sung, 2007). However, the current malware detection scanning techniques have serious limitations. An easy obfuscation of a software, which is a common technique used to protect reverse engineering technique of a software, can circumvent the empirical antivirus tools used for malware detection. Signature based detection is susceptible to invasion. Since the pattern or the signature is obtained from a familiar malware, this detection technique is easily evaded by obfuscating a program such as junk insertion and packing (Mishra, 2010). Even simple obfuscation such as code re-ordering and inserting no-ops can create a variant of malware able to evade signature-based detectors. This technique is also not able to detect unknown malware. The signatures of this program are architecture by close observation of known malware hence signature-based detection is only able to detect “known malware.” At times, signature-based detection fails to pick a variant of an already known malware. In this respect, signature-based detection offers minimal zero-day protection (Venugopal & Hu, 2008). In addition, the signature database grows exponentially since the detector uses a specific signature for every variant of malware. Task 2 Research Alternate Methods, Advantages and Disadvantages Heuristic analysis Heuristic scanning bears a close resemblance to signature scanning with the only difference being, instead of checking for particular signatures; heuristic scanning will check for certain commands or instructions within a program, which are not typically found in application programs (Aycock, 2006). The heuristic engine ultimately is better placed to sense for potentially malicious executions in previously unexamined and new malicious behavior such as virus replication mechanism, payload of Trojan or worm distribution routine. Advantages Generic virus protection renders all other malware scanners obsolete and offers sufficient protection to stop any malware. The user is saved from weekly software updates since the software is able to detect all malwares. Disadvantages Although heuristic malware check offers tremendous benefits, today this technology is not adequate. Virus writers are able to come up with viruses that disregard the rules and thus render the set virus detection rules incapable. Any changes to the set rules call for download; hence, they require updating and even then, they are not able to block many new malwares (Konstantinou & Wolthusen, 2008). This property makes them similar to scanners. In addition, failure of detection of known malware and false alarms potentials are higher in heuristic technique than in scanners. Generic signature detection This technique is specifically fashioned to identify variations of viruses. A number of viruses are re-made and rename themselves to various names but essentially stem from the same classification (or family). Genetic technique consults previous virus definition and uses it to locate the identical “cousins” even when they have evolved to unusual characters with slightly different names (Liao, Richard Lin, Lin, & Tung, 2013). Advantages Generic scanning is not dependent on individual virus behaviors or signatures. Hence, they are handy in detecting unknown and new viruses and viruses of unknown and new behaviors. Generic detection does not need periodic database update. Disadvantages Same family multiple virus scanning uses wild cards signatures. Failure can be anticipated in such an arrangement because new viruses belonging to the same family may fail to lie in the scope of the wild card detected. When this happens, a new virus gets a loop to pass the virus check Behavior blocking This method of detection attempts to detect virus activity type, such as trying to format a disk that is not generally an execution of most common programs (Kirda, Kruegel, Banks, Vigna, & Kemmerer, 2006). In other instances, the program may make an attempt of moving a file into the operating system folders. These behaviors are instantly flagged by behavior blocking techniques. Advantages A behavior blocker blocks the virus from infecting the computer, thereby eliminating the necessity for virus removal except in the already infected original folder. They also endure longer compared to several other techniques. Since the method does not check for specific viruses, but the behavior, it eliminates the need for an upgrade with new virus detection. Disadvantages The behavior block calls for the malicious code to be executed in the target machine before identification of all its behavior. This can be catastrophic before the behavior has been identified and blocked consecutively. Task 3 Research Existing Tools Norman sandbox The Norman sandbox executes a sample in a strictly monitored virtual environment, which resembles the Windows operating system. The environment is ideal since is simulates host computer, local area connection and to a degree, internet connectivity. The simulation thus provides support for relevant operating system mechanisms such as multi-threading support and memory protection (Shukla, 2007). Norman sandbox pays attention to worm’s detection that spread via P2P networks, email and viruses that attempt to replicate network shares. JoeBox creates a log containing high degree information of actions that have been performed regarding file registry, system activities and file system. JoeBox is designed to run on actual hardware, not relying on any emulation techniques or virtualization (Shukla, 2007). The system’s architecture is a model of client-server. The single controller instance is able to control multiple clients who are responsible for executing the analysis. The parent machine gathers analysis data. Task 4 types of malware San box ThreatAnalyzer is a customizable sandbox. The user is able to recreate their entire environment. They are, therefore, able to tell how the malware will affect the network infrastructure and tethered computers. Threat analyzer is then tuned to check for suspicious network activity and data exfiltration, anomalous sensitive systems access and applications (Colajanni, Gozzi, & Marchetti, 2008). Nuage sandbox also comes handy. It can be used for feature testing of ad hoc, as an environment for demonstration or quick code validation. Task 5 Deploying Malware Sandbox Before deploying a sandbox, a few things are worth considering. Among them are the kinds of files intended for analysis, volume of analysis, the platform in which the analysis will run and the information one intends to retrieve from a file. Creating a virtual environment is a critical part in sandbox deployment (Colajanni et al., 2008). A design plan defining the operating system, and the software to install should be in the ground before starting on virtualization. Consider automated analysis of malware is not deterministic with its success depending on numerous factors. Create a system as realistic as you can and able to manage all the requirements Task 6 Evaluating Malware Recently, Symantec has released “Digital Immune System” incorporated in Norton corporate antivirus edition. After the system suspects’ virus-like activity, a sample is instantly uploaded and submitted to the center of analysis. If the virus resembles a known virus, the vaccine is auto downloaded to a computer, which is affected enabling the software to clean it (van der Made, 2006). This significantly reduces the time the computer takes to clean a virus thereby reducing chances of infecting other computers. References Aycock, J. (2006). Computer viruses and malware (Vol. 22). Springer. Colajanni, M., Gozzi, D., & Marchetti, M. (2008). Collaborative architecture for malware detection and analysis. In Proceedings of The Ifip Tc 11 23rd International Information Security Conference (pp. 79–93). Springer. Kirda, E., Kruegel, C., Banks, G., Vigna, G., & Kemmerer, R. (2006). Behavior-based Spyware Detection. In Usenix Security (Vol. 6). Konstantinou, E., & Wolthusen, S. (2008). Metamorphic virus: Analysis and detection. Royal Holloway University of London, 15. Liao, H.-J., Richard Lin, C.-H., Lin, Y.-C., & Tung, K.-Y. (2013). Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1), 16–24. Mishra, U. (2010). Methods of Virus detection and their limitations. SSRN eJournal, Mukkamala, S., Sulaiman, A., Chavez, P., & Sung, A. H. (2007). Limitations of Current Anti- Virus Scanning Technologies. Advances in Enterprise Information Technology Security. Shukla, J. (2007). Application Sandbox to Detect, Remove, and Prevent Malware. Google Patents. Van der Made, P. A. (2006). Computer immune system and method for detecting unwanted code in a computer system. Google Patents. Venugopal, D., & Hu, G. (2008). Efficient signature based malware detection on mobile devices. Mobile Information Systems, 4(1), 33–49. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Investigating Dynamic Malware Analysis tool Research Proposal”, n.d.)
Investigating Dynamic Malware Analysis tool Research Proposal. Retrieved from https://studentshare.org/information-technology/1656875-investigating-dynamic-malware-analysis-tool
(Investigating Dynamic Malware Analysis Tool Research Proposal)
Investigating Dynamic Malware Analysis Tool Research Proposal. https://studentshare.org/information-technology/1656875-investigating-dynamic-malware-analysis-tool.
“Investigating Dynamic Malware Analysis Tool Research Proposal”, n.d. https://studentshare.org/information-technology/1656875-investigating-dynamic-malware-analysis-tool.
  • Cited: 0 times

CHECK THESE SAMPLES OF Investigating Dynamic Malware Analysis Tool

An in Depth Look at the Role of Forensic Science and its Impact on Justice

This research study examines the history and development of forensic science as an investigative and prosecutorial tool in the administration of justice.... The contributions of forensic science and the rationale for its use are examined.... .... ... ... Beginning in the early 1970s forensic laboratories have quadrupled in response to the proliferation of substance abuse, an increasing demand for independent evidence and advances in science and technology (Peterson & Sommers, 2010)....
72 Pages (18000 words) Dissertation

Security officer

The cyber criminals targeted the university employees and students' accounts, resulting in the targeted persons to spread the malware which then stole their personal information, as well as log-in credentials.... The attacker had frequently phished for employees' emails from LinkedIn, and sending students mass emails from social networking sites, before sending them emails asking for account information having attachments infected with a malware....
9 Pages (2250 words) Essay

Online Banking and the Banking Sector

On a broad analysis, the effect of e-commerce in people's life has not been only in one dimension but through a wide spectrum of use, internet has been widely adopted for use in matters of shopping and transacting almost all bank procedures.... ONLINE BANKING AND THE BANKING SECTOR Instructor Institution Submission Date Content list 1....
16 Pages (4000 words) Essay

Digital Forensic Investigation

OURCES OF DATAAs mentioned earlier, digital forensic investigation has been divided into different stages of preservation, collection, examination, and analysis (ENFSI, 2003).... This paper "Digital Forensic Investigation" discusses sources of data used during the investigation of digital forensics in an effective and legal way, and prioritize discussed data sources according to three different events of network intrusion, malware installation, and insider file detection....
8 Pages (2000 words) Case Study

Forensics Based On Evidence Gathered With Peep Attacks

It is crucial to swiftly preserve digital evidence and conduct forensic analysis that any useful evidence is seized soon after the cybercrime has been committed.... Furthermore, there are two phases of digital forensic analysis to retrieve useful evidence when facing a cybercrime attack in our scheme.... In this paper we introduce a digital forensic analysis applied to the investigation of a Peep attack, and discuss some of the resulting problems and concerns....
15 Pages (3750 words) Essay

Investigation of Crytolocker

This paper deliberates the details of an investigation of a Crytolocker malware attack using a network tool, Wireshark and by an application of other techniques parry to an investigation of this nature.... Using a tool like Wireshark a network forensic person can unearth all activities of any given computer system.... his paper deliberates the details of an investigation of a crypto locker malware attack using a network tool, Wireshark and by an application of other techniques parry to an investigation of this nature....
17 Pages (4250 words) Report

Fire Investigative

In addition, laboratory analysis provides important results about the effectiveness of fire protection measures or sources of fire outbreak.... Fire scene sampling is considered a significant decision that fire investigators are required to make whilst undertaking their forensic analysis of fire scene evidence.... It has been observed that sampling a wrong fire location or taking insufficient evidence can lead to inaccurate presentation of evidence and analysis about fire sources and causes scenario....
8 Pages (2000 words) Essay

Android Malware Detection and Prevention Techniques

This literature review "Android Malware Detection and Prevention Techniques" provides a thorough review of current approaches for analysis of Android security.... This paper will follow the systematic review process carefully, with results from over 100 research papers in different conferences and journals earmarked for analysis.... The taxonomy will be constructed by conducting a 'survey of various surveys' on associated taxonomies as well as performing an iterative content analysis....
28 Pages (7000 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us