Publication
ICCST 2011
Conference paper

Design and prototyping of framework for automated continuous malware collection and analysis


Abstract

In this paper, the design of a framework for malware collection and analysis is described. The framework enables researchers to collect malware samples for analysis continuously, to develop countermeasures, and to generate pattern signatures for detection. By using this framework, security analysts and operators are able to minimize their workload. Five components, a malware collection unit, a malware database, a dynamic analysis unit, a static analysis unit, and a signature generation and response unit, have been developed; with a certain level of manual operation these units are functional and are able to reduce the workload of analysts in counter-malware activities. Functionality to manage resources for the integrated units, such as virtual machines and virtual networks, is being developed. Automated signature generation will be key to this solution. An approach is proposed that compares the network traffic generated by machines running a malicious executable against benign network traffic collected from a network in daily operation that is assumed to contain no malicious traffic. With the increasing number of newly created malware samples, automation and continuity of counter-malware schemes have become significant issues. The proposed framework is considered a possible solution to this problem in the area of computer and network security. © 2011 IEEE.
