Abstract
Computer-based technology now plays a central role in almost every person's life, so damage caused by malicious software (malware) can reach and affect far more people worldwide than it could in the early days of computing. A close look at current approaches to malware analysis shows that the response time for malware reported by public users is slow, so users get no prompt feedback when they report suspicious files. This paper therefore introduces a new approach to enhance malware analyzer performance: it utilizes cloud computing features and integrates them with a malware analyzer. To evaluate the proposed approach, two systems were prepared carefully with the same malware analyzer; one of them utilizes cloud computing and the other was left unchanged. The evaluation results showed that the proposed approach is faster by 23 % after processing 3,000 samples. Furthermore, utilizing cloud computing opens the door to crowd-sourcing this service, encouraging malware reporting and accelerating malware detection by engaging public users at large. Ultimately, the proposed system can hopefully reduce the time taken to detect new malware in the wild.
Acknowledgments
The work presented in this paper was supported by ScienceFund grant from Ministry of Science, Technology and Innovation (MOSTI), Malaysia. Malware samples used in this work came from myCERT, Cyber Security, Malaysia.
Cite this article
Barakat, O.L., Hashim, S.J., Raja Abdullah, R.S.A.B. et al. Malware analysis performance enhancement using cloud computing. J Comput Virol Hack Tech 10, 1–10 (2014). https://doi.org/10.1007/s11416-013-0187-2
DOI: https://doi.org/10.1007/s11416-013-0187-2