Distributed Services for Large Scale Dynamic Malware Analysis

Supervisor(s): George Webster
Status: finished
Topic: Anomaly Detection
Author: Christian von Pentz
Submission: 2015-03-02
Type of Thesis: Bachelor thesis
Proof of Concept: No

Abstract:

The number of new malware samples that hit security vendors every day is growing exponentially. To keep up with the sheer volume, analysts rely more than ever on triage systems to preselect interesting and dangerous samples. The ability of these systems to use dynamic analysis to gather information about a sample is directly linked to the ability to scale their dynamic analysis infrastructure. In this thesis we developed a methodology consisting of four microservices, a feeder, a checker, a parser and a watchdog, to connect analysis platforms to dynamic analysis tools in a scalable and robust fashion. We implemented this concept to connect the widespread analysis platform CRITs to Cuckoo, one of the most commonly used open-source dynamic analysis tools.