Nytro Posted September 2, 2013 Report Share Posted September 2, 2013 RMAS(Run-Time Malware Analysis System)A Framework for Malware Analysis and Malware DetectionSommarioIntroduction ....................................................................................................................................................... 3Architecture ....................................................................................................................................................... 3Static Analysis .................................................................................................................................................... 4Static Analysis Conclusion ............................................................................................................................ 5Dynamic Analysis ............................................................................................................................................... 5Dynamic Malware Detection Module ........................................................................................................... 9Dynamic Analysis Conclusion .................................................................................................................... 10Case Study ....................................................................................................................................................... 11Scenario 1 .................................................................................................................................................... 11Scenario 2 .................................................................................................................................................... 11Scenario 3 .................................................................................................................................................... 11Future Work..................................................................................................................................................... 12Conclusion ....................................................................................................................................................... 12Bibliography ..................................................................................................................................................... 13IntroductionThe malware is a threat for our systems because it can hit and retrieve our confidential information by using different attacking vectors. The security of modern computer systems depends on the ability by the users to keep software, OSes and antivirus products up-to-date.Since new viruses or new viral strains are released every day, the antivirus vendors have to update their software and their signatures and then distribute them. Conventional anti-malware programs rely on “static signature” to detect malware, but malware writers improve their codes to make them undetectable and stay one step ahead of static-signature-based detection.The Dynamic Malware Detection Systems are not new concepts, but my project is based on the development and the implementation of a system, called RMAS (Run-Time Malware Analysis System) in order to allow analysts to make dynamic analysis of new malware, to understand the malware behavior and produce a graphical dangerousness level of the analyzed program, by using just one modular tool.RMAS has been developed also because sometimes there are malware samples that the company has to analyze within the organization perimeter for privacy or policy reasons, to prevent leakage of confidential data.For example, malware samples could be gathered from sources such as honeypots of a specific network or from investigations and lots of these software cannot be analyzed from external analysis software, this is the main reason why I developed RMAS.The system has also been developed in order to realize an automated analysis thus limiting human intervention.Download:http://www.kaspersky.com/images/sponchioni,_roberto_-_rmas_a_framework_for_malware_analysis_and_malware_detection-10-98486.pdf Quote Link to comment Share on other sites More sharing options...
