Design of cloud-enabled cross-platform malware analysis systems
| Field | Value |
|---|---|
| Format | Thesis |
| Language | English |
| Published | 2016 |
| Online Access | http://psasir.upm.edu.my/id/eprint/70249/1/FK%202017%20131%20-%20IR.pdf, http://psasir.upm.edu.my/id/eprint/70249/ |
Summary:

The Internet of Things (IoT) is already gaining momentum in society by creating links between virtual technology and the physical world. As forecasts show, the number of devices connected to the Internet may rise to 100 billion by the end of the current decade. The dark side of this era is that everything is being connected to the Internet while fewer security experts are available to take care of it. More importantly, companies are designing and implementing their platforms so that applications developed by third-party developers can be installed and executed seamlessly. It is in the best interest of malicious attackers to violate security and privacy by spreading malicious code over a wide range of platforms, including sensor nodes, smartphones, personal computers and servers. This malicious activity exploits zero-day vulnerabilities; thus the number of zero-day malware samples is expected to increase exponentially in the coming years. Arming security researchers with effective tools can lead to the discovery of malware in a shorter time. Hence, we need automated, cross-platform, scalable, fast, efficient and easy-to-use tools that can help even a novice user against malicious attackers.

In this study, a demonstration of an automated, cross-platform malware analysis system backed by cloud computing, delivered as Software-as-a-Service, is proposed. An efficient technique is introduced to tune the whole structure from the bottom up: how the nodes should be arranged to form the network, how the computing resources (CPU, RAM and hard disk) should be tuned for performance, and how the software running on top of this composition should be modified. The analysis engine is an open-source dynamic malware analyzer, Cuckoo Sandbox, which is not only modified and improved to perform efficiently in the cloud environment but also extended to support the Android and Windows operating systems simultaneously. All the virtual machines that run the analyses are orchestrated by a fine-tuned OpenStack, an open-source cloud computing platform.

Results show that as the number of submitted jobs grows, the proposed and enhanced system performs substantially better than existing ones. On average, for the Windows platform, the measured time to analyze a sample and report the outcome is more than ten times faster than the previous cloud-enabled malware analysis system and about twelve times faster than the standalone version. For the Android platform, the proposed system is on average four times faster than an individual launch. Furthermore, the number of virtual machines that can run simultaneously in the whole system has increased seven-fold compared to the previous research system. The proposed and developed cross-platform malware analysis system operates autonomously with minimum intervention from the users.