Malware Analysis Framework from Static to Dynamic Analysis
Document Type
Journal Article
Publisher
School of Computer and Information Science, Edith Cowan University
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science / Centre for Security Research
RAS ID
5580
Abstract
Today, malicious software on networks is the major threat to internet security. Analysis of the malicious software is a multi-step process that can provide insight into its structure, functionality and behaviour that can be used to create an antidote. This paper focuses on how the analysis of malicious software can be used and how details of events gathered from an infected system can be used to detect a new infection. This strategy makes it possible to detect an infection on a honeypot that has been deployed to detect zero-day attacks. This paper demonstrates the steps taken in the analysis of malicious software from static to dynamic analysis, then the same methodology is used to analyse an infection on the honeypot. The paper concludes with an explanation of the difference between the static and dynamic analysis of malicious code.
Comments
El-moussa, F., & Jones, A. (2008). Malware Analysis Framework from Static to Dynamic Analysis. Journal of Information Warfare, 7(3), 23-34. Available here