A Framework for Behavior-Based Malware Analysis in the Cloud

  • Authors: Lorenzo Martignoni; Roberto Paleari; Danilo Bruschi
  • Affiliations: Dipartimento di Fisica, Università degli Studi di Udine; Dipartimento di Informatica e Comunicazione, Università degli Studi di Milano; Dipartimento di Informatica e Comunicazione, Università degli Studi di Milano
  • Venue: ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
  • Year: 2009

Abstract

To ease the analysis of potentially malicious programs, dynamic behavior-based techniques have been proposed in the literature. Unfortunately, these techniques often give incomplete results because the execution environments in which they are performed are synthetic and do not faithfully resemble the environments of end-users, the intended targets of the malicious activities. In this paper, we present a new framework for improving behavior-based analysis of suspicious programs. Our framework allows an end-user to delegate to security labs, the cloud, the execution and the analysis of a program and to force the program to behave as if it were executed directly in the environment of the former. The evaluation demonstrated that the proposed framework allows security labs to improve the completeness of the analysis, by analyzing a piece of malware on behalf of multiple end-users simultaneously, while performing a fine-grained analysis of the behavior of the program with no computational cost for end-users.