AWESOME - Automated Web Emulation for Secure Operation of a Malware-Analysis Environment
We present AWESOME, a novel approach for integrated honeypot-based malware collection and analysis which extends the functionalities of existing approaches. In contrast to purely network-based approaches, the goal of our collection and analysis system is runtime retrieval of internal malware logic information. This approach allows us to provide analyzed malware with all requested resources in real time, despite the fact that it is executed within an isolated environment. Our assumption is that being able to track the entire malware execution life-cycle will enable a better understanding of current and emerging malware. This paper introduces our design, outlining its contributions and design considerations. An in-depth description and evaluation of each component will be discussed in separate work. While still under development, we expect our approach to make a significant contribution to enhanced analysis of current malware.
AWESOME - Automated Web Emulation for Secure Operation of a Malware-Analysis Environment
Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2012)
Authors: | Martin Brunner, Christian M. Fuchs, and Sascha Todt |
Year/month: | 2012/8 |
Booktitle: | Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2012) |
Pages: | 68-71 |
Address: | Rome, Italy |
Oranization: | International Academy, Research, and Industry Association (IARIA) |
Note: | ISBN: 978-1-61208-209-7. Best Paper Award |
Fulltext: | click here |
Abstract |
|
We present AWESOME, a novel approach for integrated honeypot-based malware collection and analysis which extends the functionalities of existing approaches. In contrast to purely network-based approaches, the goal of our collection and analysis system is runtime retrieval of internal malware logic information. This approach allows us to provide analyzed malware with all requested resources in real time, despite the fact that it is executed within an isolated environment. Our assumption is that being able to track the entire malware execution life-cycle will enable a better understanding of current and emerging malware. This paper introduces our design, outlining its contributions and design considerations. An in-depth description and evaluation of each component will be discussed in separate work. While still under development, we expect our approach to make a significant contribution to enhanced analysis of current malware. |
Bibtex:
@inproceedings { bft2012,author = { Martin Brunner and Christian M. Fuchs and Sascha Todt},
title = { AWESOME - Automated Web Emulation for Secure Operation of a Malware-Analysis Environment },
year = { 2012 },
month = { August },
booktitle = { Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2012) },
address = { Rome, Italy },
note = { ISBN: 978-1-61208-209-7. Best Paper Award },
pages = { 68-71 },
organization = { International Academy, Research, and Industry Association (IARIA) },
url = { http://www.thinkmind.org/index.php?view=article&articleid=securware_2012_3_20_30016 },
}