Title

Malware Analysis Framework from Static to Dynamic Analysis

Document Type

Journal Article

Publisher

School of Computer and Information Science, Edith Cowan University

Faculty

Computing, Health and Science

School

Computer and Information Science, Centre for Security Research

RAS ID

5580

Comments

This article was originally published as: El-moussa, F., & Jones, A. (2008). Malware Analysis Framework from Static to Dynamic Analysis. Journal of Information Warfare, 7(3), 23-34.

Abstract

Today, malicious software on networks is the major threat to internet security. Analysis of malicious software is a multi-step process that provides insight into its structure, functionality and behaviour, which can be used to create an antidote. This paper focuses on how the analysis of malicious software, and the details of events gathered from an infected system, can be used to detect a new infection. This strategy makes it possible to detect an infection on a honeypot that has been deployed to detect zero-day attacks. The paper demonstrates the steps taken in the analysis of malicious software from static to dynamic analysis, and then applies the same methodology to analyse an infection on the honeypot. The paper concludes with an explanation of the difference between the static and dynamic analysis of malicious code.
