Improved Malware Behavior Detection Using Static Analysis


Bibliographic Details
Title (Chinese): 以靜態分析實現惡意程式行為分析器 (Implementing a Malware Behavior Analyzer Using Static Analysis)
Main Authors: Ming-Yen Hsieh, 謝銘晏
Other Authors: Hui-Tang Lin, 林輝堂
Degree: Master's thesis
Institution: National Cheng Kung University (國立成功大學)
Department: Institute of Computer and Communication Engineering (電腦與通信工程研究所)
Academic Year: 98
Format: Others
Language: en_US
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/97119842549485773303
Description
Master's thesis, National Cheng Kung University, Institute of Computer and Communication Engineering, academic year 98.

Malware is currently the main threat to computer security. To deal with the increasing amount of malware, researchers use a range of methodologies to analyze it. In this thesis, we focus on building a dynamic analysis system on Testbed@TWISC based on the Emulab system. Because Testbed@TWISC is built on real machines, anti-VM malware still functions normally in our dynamic analysis system. A mimetic network is provided in the analysis environment to give malware samples the illusion of Internet accessibility. We also propose an approach that improves dynamic malware analysis by first using static analysis to create a custom environment for the malware and to retrieve its trigger conditions. Using this approach, we generate a more accurate and in-depth report for various malware, including details such as IRC bot commands and responses, clues for determining the propagation model of worms, and the malware's ability to terminate processes. We evaluate our approach using four case studies and prove that it can analyze real-world malware and produce a precise and detailed report.