Abstract
The proliferation of malware in recent years has driven an increase in computer crime and prompted more aggressive research into improved investigative strategies to keep up with the threat. The techniques and tools developed to keep pace in an arms race with malware authors, who have resorted to evasive techniques to avoid analysis during investigation, remain an ongoing concern. Dynamic analysis is unarguably a positive step towards supporting static evidence with logs of malware's run-time behaviour; however, analysing the large volume of reports it generates raises concerns about speed, accuracy and performance. This research proposes an Automated Malware Investigative Framework Model, a component-based approach designed to support investigation by integrating malware analysis with data-mining clustering techniques, as part of an effort to solve the problem of over-generated reports: analysed suspicious samples that exhibit similar behavioural features are grouped together so that investigation becomes easier and more intuitive. The focus of this paper, however, is on implementing the sub-components of the framework that directly address this problem.
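One way to implement the grouping step the abstract describes, as an added example that is not code from the paper or the framework it proposes: each sandbox report is reduced to a set of behavioural features, reports are compared with Jaccard similarity, and samples above a similarity threshold are joined into clusters. The report format (lists of `(api, resource)` records), the feature normalisation rules, the threshold value and every sample name, path and address below are assumptions constructed for this example.

```python
"""Cluster sandbox behaviour reports so that similar samples are investigated together."""
from __future__ import annotations
from itertools import combinations

# Constructed sample reports (invented for this example, not taken from the paper):
# the (api, resource) records a sandbox would log for each executed sample.
REPORTS = {
    "sample_a.exe": [
        ("CreateFileW", r"C:\Users\victim\AppData\Roaming\svch0st.exe"),
        ("RegSetValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
        ("InternetConnectW", "198.51.100.7:443"),
        ("CreateProcessW", r"C:\Users\victim\AppData\Roaming\svch0st.exe"),
    ],
    "sample_b.exe": [  # same dropper behaviour; different file name, value name and C2 address
        ("CreateFileW", r"C:\Users\victim\AppData\Roaming\wind0ws.exe"),
        ("RegSetValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Service"),
        ("InternetConnectW", "203.0.113.9:443"),
        ("CreateProcessW", r"C:\Users\victim\AppData\Roaming\wind0ws.exe"),
    ],
    "sample_c.exe": [  # file-encrypting behaviour
        ("FindFirstFileW", r"C:\Users\victim\Documents\*"),
        ("CryptEncrypt", ""),
        ("MoveFileW", r"C:\Users\victim\Documents\report.docx.locked"),
        ("CreateFileW", r"C:\Users\victim\Desktop\README_DECRYPT.txt"),
    ],
    "sample_d.exe": [
        ("FindFirstFileW", r"C:\Users\victim\Pictures\*"),
        ("CryptEncrypt", ""),
        ("MoveFileW", r"C:\Users\victim\Pictures\holiday.jpg.locked"),
        ("CreateFileW", r"C:\Users\victim\Desktop\HOW_TO_RECOVER.txt"),
    ],
    "benign.exe": [
        ("CreateFileW", r"C:\Program Files\Tool\settings.ini"),
        ("RegQueryValueExW", r"HKLM\Software\Tool\Version"),
    ],
}


def normalise(resource: str) -> set[str]:
    """Generalise one logged resource: drop per-sample randomness (file and value
    names, C2 address, victim user name), keep directory, extension, key and port."""
    feats = set()
    if not resource:
        return feats
    if resource.startswith("HK"):                    # registry value -> its key path
        feats.add("reg:" + resource.rsplit("\\", 1)[0])
    elif resource[1:3] == ":\\":                     # file path -> directory + extension
        parts = resource.split("\\")
        if len(parts) > 2 and parts[1].lower() == "users":
            parts[2] = "<user>"
        feats.add("dir:" + "\\".join(parts[:-1]))
        if "." in parts[-1]:
            feats.add("ext:" + parts[-1].rsplit(".", 1)[1].lower())
    elif resource.rsplit(":", 1)[-1].isdigit():     # host:port -> port only
        feats.add("net:port:" + resource.rsplit(":", 1)[-1])
    return feats


def extract_features(records: list[tuple[str, str]]) -> set[str]:
    """Behavioural feature set of one report: API names plus normalised resources."""
    feats = set()
    for api, resource in records:
        feats.add("api:" + api)
        feats |= normalise(resource)
    return feats


def jaccard(x: set[str], y: set[str]) -> float:
    """|x & y| / |x | y|; two empty reports (e.g. both evaded the sandbox) count as identical."""
    if not x and not y:
        return 1.0
    return len(x & y) / len(x | y)


def cluster_samples(reports: dict[str, list[tuple[str, str]]], threshold: float) -> list[list[str]]:
    """Single-linkage clustering via union-find: any pair at or above the threshold is joined."""
    feats = {name: extract_features(records) for name, records in reports.items()}
    parent = {name: name for name in feats}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(feats, 2):
        if jaccard(feats[a], feats[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for name in feats:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


def shared_behaviour(reports, cluster: list[str]) -> list[str]:
    """Features every member of a cluster exhibits: the investigator's starting summary."""
    common = None
    for name in cluster:
        f = extract_features(reports[name])
        common = f if common is None else common & f
    return sorted(common or [])


if __name__ == "__main__":
    for members in cluster_samples(REPORTS, threshold=0.5):
        print(members, "->", shared_behaviour(REPORTS, members))
```

With the threshold at 0.5 the two droppers and the two file-encrypters form one cluster each and the benign sample stays alone, even though no two reports share a file name or address; that is the work done by `normalise`, and it is also where evasive samples bite: randomised directories, ports or key paths that the normaliser does not generalise push same-family samples apart, while samples that detect the sandbox and do nothing all produce empty reports and are grouped together as "no behaviour observed". Single linkage is deliberately simple; it can chain two distinct families through one sample that resembles both, so the threshold needs tuning against a labelled corpus, and an average- or complete-linkage rule is the usual next step when chaining is observed.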
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | Proceedings - 5th Cybercrime and Trustworthy Computing Conference, CTC 2014 |
| Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
| Pages | 54-63 |
| Number of pages | 10 |
| ISBN (Electronic) | 9781479988259 |
| DOIs | |
| Publication status | Published - 2015 |
| Externally published | Yes |
| Event | 5th Cybercrime and Trustworthy Computing Conference, CTC 2014, Auckland, New Zealand. Duration: 24 Nov 2014 → 25 Nov 2014 |
Other
| Field | Value |
|---|---|
| Other | 5th Cybercrime and Trustworthy Computing Conference, CTC 2014 |
| Country/Territory | New Zealand |
| City | Auckland |
| Period | 24/11/14 → 25/11/14 |
Keywords
- Clustering techniques
- Data mining
- Digital forensics
- Malware behaviour