Design of cloud-enabled cross-platform malware analysis systems

The Internet of Things (IoT) is already gaining momentum in society by creating links between virtual technology and the physical world. As forecasts show, the number of devices connected to the Internet may rise to 100 billion by the end of the current decade. The dark side of this era,...

Bibliographic Details
Main Author: Najafabadi, Seyed Abdolrahman Mousavian
Format: Thesis
Language: English
Published: 2016
Online Access: http://psasir.upm.edu.my/id/eprint/70249/1/FK%202017%20131%20-%20IR.pdf
http://psasir.upm.edu.my/id/eprint/70249/
id my.upm.eprints.70249
record_format eprints
spelling my.upm.eprints.70249 2019-08-16T00:43:01Z http://psasir.upm.edu.my/id/eprint/70249/ Design of cloud-enabled cross-platform malware analysis systems Najafabadi, Seyed Abdolrahman Mousavian 2016-12 Thesis NonPeerReviewed text en http://psasir.upm.edu.my/id/eprint/70249/1/FK%202017%20131%20-%20IR.pdf Najafabadi, Seyed Abdolrahman Mousavian (2016) Design of cloud-enabled cross-platform malware analysis systems. Masters thesis, Universiti Putra Malaysia.
institution Universiti Putra Malaysia
building UPM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Putra Malaysia
content_source UPM Institutional Repository
url_provider http://psasir.upm.edu.my/
language English
description The Internet of Things (IoT) is already gaining momentum in society by creating links between virtual technology and the physical world. As forecasts show, the number of devices connected to the Internet may rise to 100 billion by the end of the current decade. The dark side of this era is that everything is being connected to the Internet while fewer security experts are taking care of it. More importantly, companies are designing and implementing their platforms in such a way that applications developed by third-party developers can be installed and executed seamlessly. It is in the best interest of malicious attackers to violate security and privacy by spreading malicious code over a wider range of platforms, including sensor nodes, smartphones, personal computers and servers. This malicious activity utilizes zero-day vulnerabilities; thus the amount of zero-day malware is expected to increase exponentially in the coming years. Arming security researchers with effective tools can lead to the discovery of malware in a shorter time. Hence we need automated, cross-platform, scalable, fast, efficient and easy-to-use tools that can help even a novice user against malicious attackers. In this study, a demonstration of an automated, cross-platform malware analysis system with the power of cloud computing in the form of Software-as-a-Service is proposed. An efficient technique is introduced to tweak the whole structure from the bottom up: from how the nodes should be arranged to create the network, to tuning the performance of the computing resources (such as CPU, RAM, and hard disk), to modifying all software running on top of this composition. The analysis engine is an open-source dynamic malware analyzer called Cuckoo Sandbox, which is not only modified and improved to perform efficiently in the cloud environment but is also able to support the Android and Windows operating systems simultaneously. All the virtual machines that run the analysis are orchestrated by a fine-tuned OpenStack, an open-source cloud computing platform. Results show that as the number of submitted jobs grows, the proposed and enhanced system works tremendously better than existing ones. On average, for the Windows platform the measured time consumed to analyze and report the outcome is more than ten times faster than the previous cloud-enabled malware analysis system and about twelve times faster than the standalone version. For the Android platform, on average the proposed system improved performance to four times faster than individual launch. Furthermore, the number of virtual machines that can be run in the whole system simultaneously has increased by seven times compared to the previous research system. The proposed and developed cross-platform malware analysis system operates autonomously with minimum intervention from the users.