Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform

Ahmed Elmesiry, Mirela Sertovic, Mamoun Qasem

    Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

    Abstract

    The rising cyber threat puts organizations and ordinary users at risk of data breaches. In many cases, early detection can hinder the occurrence of these incidents or even prevent a full compromise of all internal systems. Existing security controls such as firewalls and intrusion prevention systems constantly block numerous intrusion attempts that happen on a daily basis. However, new situations may arise where these security controls are not sufficient to provide full protection. There is a necessity to establish a threat hunting methodology that can assist investigators and members of the incident response team to analyse malicious binaries quickly and efficiently. The methodology proposed in this research is able to distinguish malicious binaries from benign binaries quickly and efficiently. The proposed methodology consists of static and dynamic hunting techniques. Using these hunting techniques, the proposed methodology is capable not only of identifying a range of signature-based anomalies but also of pinpointing behavioural anomalies that arise in the operating system when malicious binaries are triggered. Static hunting can classify any extracted artifacts as malicious depending on a set of pre-defined patterns of malicious software. Dynamic hunting can assist investigators in finding behavioural anomalies. This work focuses on applying the proposed threat hunting methodology to samples of malicious binaries, which can be found in common malware repositories, and presenting the results.
    Original language: English
    Title: Lecture Notes in Computer Science
    Editors: Hakim Hacid, Fatma Outay, Hye-young Paik, Amira Alloum, Marinella Petrocchi, Mohamed Reda Bouadjenek, Amin Beheshti, Xumin Liu, Abderrahmane Maaradji
    Place of publication: Service-Oriented Computing – ICSOC 2020 Workshops
    Publisher: Springer
    Pages: 627-641
    Number of pages: 15
    Volume: 12632
    Edition: 1
    ISBN (Electronic): 978-3-030-76352-7
    ISBN (Print): 978-3-030-76351-0
    Digital Object Identifiers (DOIs)
    Status: Published - 30 May 2021

    Publication series

    Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 12632 LNCS
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349
