

Analyzing a malware sample requires much more time and cost than creating it. To understand the behavior of a given malware sample, security analysts often make use of API call logs collected by dynamic malware analysis tools such as a sandbox. As the amount of log generated for a malware sample can become tremendously large, inspecting the log requires a time-consuming effort. Meanwhile, antivirus vendors usually publish malware analysis reports (vendor reports) on their websites. These malware analysis reports are the results of careful analysis done by security experts. The problem is that even though such analyzed examples exist for malware samples, associating the vendor reports with the sandbox logs is difficult. This leaves security analysts unable to retrieve the useful information described in vendor reports.

To address this issue, we developed a system called AMAR-Generator that aims to automate the generation of malware analysis reports based on sandbox logs by making use of existing vendor reports. Aiming at a convenient assistant tool for security analysts, our system employs techniques including template matching, API behavior mapping, and a malicious behavior database to produce concise human-readable reports that describe the malicious behaviors of malware programs.

Through the performance evaluation, we first demonstrate that AMAR-Generator can generate human-readable reports that a security analyst can use as the first step of malware analysis. We also demonstrate that AMAR-Generator can identify the malicious behaviors conducted by malware from the sandbox logs; the detection rates are up to 96.74%, 100%, and 74.87% on the sandbox logs collected in 2013, 2014, and 2015, respectively. We also show that it can detect malicious behaviors from sandbox logs of unknown types.

In the near future, objects have to connect with each other, which can result in the gathering of private sensitive data and cause various security threats and cyber crimes. To prevent cyber crimes, novel cyber security techniques are required that can identify malicious Internet Protocol (IP) addresses before communication. One of the best techniques is the IP reputation system used for profiling the behavior of security threats to the cyber-physical system. Existing reputation systems do not perform well due to their high management cost, false-positive rate, and time consumption, and because they consider very few data sources when claiming an IP address's reputation. To overcome the aforementioned issues, we have proposed a novel hybrid approach based on Dynamic Malware Analysis, Cyber Threat Intelligence, Machine Learning (ML), and Data Forensics. Using the concept of big data forensics, IP reputation is predicted in its pre-acceptance stage and its associated zero-day attacks are categorized via behavioral analysis by applying the Decision Tree (DT) technique. The proposed approach highlights the big data forensic issues and computes severity and risk score while assessing confidence and lifespan simultaneously. The proposed system is evaluated in two ways: first, we compare the ML techniques to attain the best F-measure, precision and recall scores, and then we compare the entire reputation system with the existing reputation systems. Our proposed framework is not only cross-checked with external sources but is also able to reduce the security issues that were neglected by existing outdated reputation engines.

Antivirus scanners are designed to detect malware and, to a lesser extent, to label detections based on a family association.
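An added illustration of the severity, confidence and lifespan idea from the IP reputation abstract on this page. This is example code written for this page, not the paper's implementation: the linear lifespan decay, the noisy-OR combination of evidence, the two-source corroboration rule, the thresholds, the feed names and the sample addresses (taken from the 203.0.113.0/24 documentation range) are all assumptions, and the evidence records are constructed.

```python
"""Combine per-source IP sightings into a decayed risk score and a verdict."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Evidence:
    source: str          # feed or sensor that reported the sighting (assumed names)
    severity: float      # 0..1: how harmful the observed activity is
    confidence: float    # 0..1: how much this source is trusted for this sighting
    seen: datetime       # last observation time (UTC)
    lifespan: timedelta  # how long the sighting stays relevant


def contribution(ev: Evidence, now: datetime) -> float:
    """Severity weighted by confidence and by a linear lifespan decay.

    Assumed model: a sighting is worth its full weight when fresh and
    nothing once it is older than its lifespan.
    """
    age = now - ev.seen
    freshness = max(0.0, 1.0 - age / ev.lifespan)
    return ev.severity * ev.confidence * freshness


def risk_score(evidence, now: datetime) -> float:
    """Noisy-OR combination: probability that at least one sighting is real."""
    p_clean = 1.0
    for ev in evidence:
        p_clean *= 1.0 - contribution(ev, now)
    return 1.0 - p_clean


def live_sources(evidence, now: datetime) -> set:
    """Independent sources whose evidence has not expired (cross-check set)."""
    return {ev.source for ev in evidence if contribution(ev, now) > 0.0}


def verdict(evidence, now: datetime, block_at=0.8, watch_at=0.4):
    """Pre-acceptance decision: block only when the score is high AND at least
    two independent sources corroborate it; otherwise watch or accept."""
    score = risk_score(evidence, now)
    if score >= block_at and len(live_sources(evidence, now)) >= 2:
        return "block", score
    if score >= watch_at:
        return "watch", score
    return "accept", score


# Constructed sample data (assumed feeds, documentation-range addresses).
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
DAY = timedelta(days=1)
SAMPLE_EVIDENCE = {
    # Two fresh, independent sightings: sandbox C2 contact plus a blocklist hit.
    "203.0.113.10": [
        Evidence("sandbox-c2", 0.9, 0.9, NOW - 2 * DAY, 30 * DAY),
        Evidence("blocklist-feed", 0.7, 0.8, NOW - 5 * DAY, 14 * DAY),
    ],
    # One scan report older than its lifespan: evidence has expired.
    "203.0.113.20": [
        Evidence("honeypot-scan", 0.5, 0.6, NOW - 40 * DAY, 30 * DAY),
    ],
    # One fresh high-severity sighting from a single source: not corroborated.
    "203.0.113.30": [
        Evidence("sandbox-c2", 0.9, 0.9, NOW, 30 * DAY),
    ],
}


def evaluate_all(now: datetime = NOW) -> dict:
    return {ip: verdict(evs, now) for ip, evs in SAMPLE_EVIDENCE.items()}


if __name__ == "__main__":
    for ip, (decision, score) in evaluate_all().items():
        print(f"{ip:16} {decision:7} risk={score:.3f}")
```

The corroboration rule is what makes the "cross-checked with external sources" step concrete: a single feed, however confident, can only put an address on watch; blocking requires a second independent source whose evidence is still within its lifespan. The DT-based categorization of zero-day behavior mentioned in the abstract is a separate step and is not shown here.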

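An added example of the pipeline the AMAR-Generator abstract on this page describes: API behavior mapping turns raw sandbox API calls into abstract actions, a malicious behavior database holds ordered action patterns with a label, and template matching renders each hit as a human-readable sentence. This is example code written for this page, not AMAR-Generator's own implementation; the log line format, the API names, the mapping rules, the behavior database and the templates are assumptions, and the sandbox log below is constructed.

```python
"""Generate a short behavior report from a sandbox API-call log."""
from dataclasses import dataclass
import re

# Constructed sandbox log (assumed format, not a real sandbox's output):
#   <pid> <api>(<key>=<value>, ...)
SAMPLE_LOG = """\
1234 CreateFileW(path=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe, access=GENERIC_WRITE)
1234 WriteFile(path=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe, size=204800)
1234 RegSetValueExW(key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run, name=svchost, data=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe)
1234 InternetOpenUrlA(url=http://example.invalid/gate.php)
1234 InternetReadFile(size=512)
1234 CreateProcessW(path=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe)
"""

LOG_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+)\((?P<args>.*)\)$")


@dataclass
class Call:
    pid: int
    api: str
    args: dict


def parse_log(text: str) -> list:
    """Parse the assumed log format; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for part in m.group("args").split(", "):
            key, _, value = part.partition("=")
            args[key] = value
        calls.append(Call(int(m.group("pid")), m.group("api"), args))
    return calls


def map_behavior(call: Call):
    """API behavior mapping: raw API call -> (abstract action, target) or None."""
    path = call.args.get("path", "")
    if call.api == "WriteFile" and path.lower().endswith(".exe"):
        return ("drop_executable", path)
    if call.api == "RegSetValueExW" and "\\currentversion\\run" in call.args.get("key", "").lower():
        return ("set_run_key", call.args["key"])
    if call.api in ("InternetOpenUrlA", "InternetOpenUrlW"):
        return ("http_request", call.args.get("url", "?"))
    if call.api == "InternetReadFile":
        return ("http_download", call.args.get("size", "?"))
    if call.api == "CreateProcessW":
        return ("spawn_process", path)
    return None


# Malicious behavior database: (label, ordered action pattern, report template).
# Patterns match as ordered subsequences, so unrelated calls in between are fine.
BEHAVIOR_DB = [
    ("Persistence via Run key", ("drop_executable", "set_run_key"),
     "Wrote executable {0} and registered it under {1}, so it runs at logon."),
    ("C2 beacon", ("http_request", "http_download"),
     "Contacted {0} and read {1} bytes of response data."),
    ("Dropped payload execution", ("drop_executable", "spawn_process"),
     "Launched the executable it had dropped, {1}."),
]


def match_pattern(pattern, actions):
    """Ordered subsequence match; returns the matched targets or None."""
    targets, pos = [], 0
    for wanted in pattern:
        while pos < len(actions) and actions[pos][0] != wanted:
            pos += 1
        if pos == len(actions):
            return None
        targets.append(actions[pos][1])
        pos += 1
    return targets


def generate_report(log_text: str) -> list:
    """Return (label, sentence) pairs for every behavior found in the log."""
    actions = [b for b in (map_behavior(c) for c in parse_log(log_text)) if b]
    findings = []
    for label, pattern, template in BEHAVIOR_DB:
        targets = match_pattern(pattern, actions)
        if targets is not None:
            findings.append((label, template.format(*targets)))
    return findings


def render(findings: list) -> str:
    if not findings:
        return "No known malicious behavior matched."
    return "\n".join(f"- {label}: {text}" for label, text in findings)


if __name__ == "__main__":
    print(render(generate_report(SAMPLE_LOG)))
```

Keeping the mapping, the database and the templates as separate layers is what lets a tool like this cope with a different sandbox: only `parse_log` and `map_behavior` depend on the log format, while the behavior patterns and the wording of the report stay the same.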