Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform

Ahmed Elmesiry; Mirela Sertovic; Mamoun Qasem

doi:10.1007/978-3-030-76352-7_54

Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform

Ahmed Elmesiry, Mirela Sertovic, Mamoun Qasem

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion Cynhadledd › Pennod › adolygiad gan gymheiriaid

Crynodeb

The rising cyber threat puts organizations and ordinary users at risk of data breaches. In many cases, Early detection can hinder the occurrence of these incidents or even prevent a full compromise of all internal systems. The existing security controls such as firewalls and intrusion prevention systems are constantly blocking numerous intrusions attempts that happen on a daily basis. However, new situations may arise where these security controls are not sufficient to provide full protection. There is a necessity to establish a threat hunting methodology that can assist investigators and members of the incident response team to analyse malicious binaries quickly and efficiently. The methodology proposed in this research is able to distinguish malicious binaries from benign binaries using a quick and efficient methodology. The proposed methodology consists of static and dynamic hunting techniques. Using these hunting techniques, the proposed methodology is not only capable of identifying a range of signature-based anomalies but also to pinpoint behavioural anomalies that arise in the operating system when malicious binaries are triggered. Static hunting can describe any extracted artifacts as malicious depending on a set of pre-defined patterns of malicious software. Dynamic hunting can assist investigators in finding behavioural anomalies. This work focuses on applying the proposed threat hunting methodology on samples of malicious binaries, which can be found in common malware repositories and presenting the results

Iaith wreiddiol	Saesneg
Teitl	Lecture Notes in Computer Science
Golygyddion	Hakim Hacid, Fatma Outay, Hye-young Paik, Amira Alloum, Marinella Petrocchi, Mohamed Reda Bouadjenek, Amin Beheshti, Xumin Liu, Abderrahmane Maaradji
Man cyhoeddi	Service-Oriented Computing – ICSOC 2020 Workshops
Cyhoeddwr	Springer
Tudalennau	627-641
Nifer y tudalennau	15
Cyfrol	12632
Argraffiad	1
ISBN (Electronig)	978-3-030-76352-7
ISBN (Argraffiad)	978-3-030-76351-0
Dynodwyr Gwrthrych Digidol (DOIs)	https://doi.org/10.1007/978-3-030-76352-7_54
Statws	Cyhoeddwyd - 30 Mai 2021

Cyfres gyhoeddiadau

Enw	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Cyfrol	12632 LNCS
ISSN (Argraffiad)	0302-9743
ISSN (Electronig)	1611-3349

Mynediad at Ddogfen

10.1007/978-3-030-76352-7_54

Dyfynnu hyn

Elmesiry, A., Sertovic, M., & Qasem, M. (2021). Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform. Yn H. Hacid, F. Outay, H. Paik, A. Alloum, M. Petrocchi, M. R. Bouadjenek, A. Beheshti, X. Liu, & A. Maaradji (Gol.), Lecture Notes in Computer Science (1 gol., Cyfrol 12632, tt. 627-641). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Cyfrol 12632 LNCS). Springer. https://doi.org/10.1007/978-3-030-76352-7_54

Elmesiry, Ahmed ; Sertovic, Mirela ; Qasem, Mamoun. / Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform. Lecture Notes in Computer Science. Gol. / Hakim Hacid ; Fatma Outay ; Hye-young Paik ; Amira Alloum ; Marinella Petrocchi ; Mohamed Reda Bouadjenek ; Amin Beheshti ; Xumin Liu ; Abderrahmane Maaradji. Cyfrol 12632 1. gol. Service-Oriented Computing – ICSOC 2020 Workshops : Springer, 2021. tt. 627-641 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{3a6b6cddeaa448e3906c6a4e02aa391d,

title = "Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform",

abstract = "The rising cyber threat puts organizations and ordinary users at risk of data breaches. In many cases, Early detection can hinder the occurrence of these incidents or even prevent a full compromise of all internal systems. The existing security controls such as firewalls and intrusion prevention systems are constantly blocking numerous intrusions attempts that happen on a daily basis. However, new situations may arise where these security controls are not sufficient to provide full protection. There is a necessity to establish a threat hunting methodology that can assist investigators and members of the incident response team to analyse malicious binaries quickly and efficiently. The methodology proposed in this research is able to distinguish malicious binaries from benign binaries using a quick and efficient methodology. The proposed methodology consists of static and dynamic hunting techniques. Using these hunting techniques, the proposed methodology is not only capable of identifying a range of signature-based anomalies but also to pinpoint behavioural anomalies that arise in the operating system when malicious binaries are triggered. Static hunting can describe any extracted artifacts as malicious depending on a set of pre-defined patterns of malicious software. Dynamic hunting can assist investigators in finding behavioural anomalies. This work focuses on applying the proposed threat hunting methodology on samples of malicious binaries, which can be found in common malware repositories and presenting the results",

keywords = "Malicious Binaries, Malware, Threat Hunting, Digital Investigations",

author = "Ahmed Elmesiry and Mirela Sertovic and Mamoun Qasem",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.",

year = "2021",

month = may,

day = "30",

doi = "10.1007/978-3-030-76352-7_54",

language = "English",

isbn = "978-3-030-76351-0",

volume = "12632",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "627--641",

editor = "Hakim Hacid and Fatma Outay and Hye-young Paik and Amira Alloum and Marinella Petrocchi and Bouadjenek, {Mohamed Reda} and Amin Beheshti and Xumin Liu and Abderrahmane Maaradji",

booktitle = "Lecture Notes in Computer Science",

address = "Germany",

edition = "1",

}

Elmesiry, A, Sertovic, M & Qasem, M 2021, Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform. yn H Hacid, F Outay, H Paik, A Alloum, M Petrocchi, MR Bouadjenek, A Beheshti, X Liu & A Maaradji (gol.), Lecture Notes in Computer Science. 1 gol., cyfrol. 12632, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), cyfrol. 12632 LNCS, Springer, Service-Oriented Computing – ICSOC 2020 Workshops, tt. 627-641. https://doi.org/10.1007/978-3-030-76352-7_54

Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform. / Elmesiry, Ahmed; Sertovic, Mirela; Qasem, Mamoun.

Lecture Notes in Computer Science. gol. / Hakim Hacid; Fatma Outay; Hye-young Paik; Amira Alloum; Marinella Petrocchi; Mohamed Reda Bouadjenek; Amin Beheshti; Xumin Liu; Abderrahmane Maaradji. Cyfrol 12632 1. gol. Service-Oriented Computing – ICSOC 2020 Workshops : Springer, 2021. t. 627-641 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Cyfrol 12632 LNCS).

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion Cynhadledd › Pennod › adolygiad gan gymheiriaid

TY - CHAP

T1 - Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform

AU - Elmesiry, Ahmed

AU - Sertovic, Mirela

AU - Qasem, Mamoun

PY - 2021/5/30

Y1 - 2021/5/30

N2 - The rising cyber threat puts organizations and ordinary users at risk of data breaches. In many cases, Early detection can hinder the occurrence of these incidents or even prevent a full compromise of all internal systems. The existing security controls such as firewalls and intrusion prevention systems are constantly blocking numerous intrusions attempts that happen on a daily basis. However, new situations may arise where these security controls are not sufficient to provide full protection. There is a necessity to establish a threat hunting methodology that can assist investigators and members of the incident response team to analyse malicious binaries quickly and efficiently. The methodology proposed in this research is able to distinguish malicious binaries from benign binaries using a quick and efficient methodology. The proposed methodology consists of static and dynamic hunting techniques. Using these hunting techniques, the proposed methodology is not only capable of identifying a range of signature-based anomalies but also to pinpoint behavioural anomalies that arise in the operating system when malicious binaries are triggered. Static hunting can describe any extracted artifacts as malicious depending on a set of pre-defined patterns of malicious software. Dynamic hunting can assist investigators in finding behavioural anomalies. This work focuses on applying the proposed threat hunting methodology on samples of malicious binaries, which can be found in common malware repositories and presenting the results

AB - The rising cyber threat puts organizations and ordinary users at risk of data breaches. In many cases, Early detection can hinder the occurrence of these incidents or even prevent a full compromise of all internal systems. The existing security controls such as firewalls and intrusion prevention systems are constantly blocking numerous intrusions attempts that happen on a daily basis. However, new situations may arise where these security controls are not sufficient to provide full protection. There is a necessity to establish a threat hunting methodology that can assist investigators and members of the incident response team to analyse malicious binaries quickly and efficiently. The methodology proposed in this research is able to distinguish malicious binaries from benign binaries using a quick and efficient methodology. The proposed methodology consists of static and dynamic hunting techniques. Using these hunting techniques, the proposed methodology is not only capable of identifying a range of signature-based anomalies but also to pinpoint behavioural anomalies that arise in the operating system when malicious binaries are triggered. Static hunting can describe any extracted artifacts as malicious depending on a set of pre-defined patterns of malicious software. Dynamic hunting can assist investigators in finding behavioural anomalies. This work focuses on applying the proposed threat hunting methodology on samples of malicious binaries, which can be found in common malware repositories and presenting the results

KW - Malicious Binaries

KW - Malware

KW - Threat Hunting

KW - Digital Investigations

U2 - 10.1007/978-3-030-76352-7_54

DO - 10.1007/978-3-030-76352-7_54

M3 - Chapter

SN - 978-3-030-76351-0

VL - 12632

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 627

EP - 641

BT - Lecture Notes in Computer Science

A2 - Hacid, Hakim

A2 - Outay, Fatma

A2 - Paik, Hye-young

A2 - Alloum, Amira

A2 - Petrocchi, Marinella

A2 - Bouadjenek, Mohamed Reda

A2 - Beheshti, Amin

A2 - Liu, Xumin

A2 - Maaradji, Abderrahmane

PB - Springer

CY - Service-Oriented Computing – ICSOC 2020 Workshops

ER -

Elmesiry A, Sertovic M, Qasem M. Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform. Yn Hacid H, Outay F, Paik H, Alloum A, Petrocchi M, Bouadjenek MR, Beheshti A, Liu X, Maaradji A, golygyddion, Lecture Notes in Computer Science. 1 gol. Cyfrol 12632. Service-Oriented Computing – ICSOC 2020 Workshops: Springer. 2021. t. 627-641. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-76352-7_54

Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform

Crynodeb

Cyfres gyhoeddiadau

Mynediad at Ddogfen

Ôl bys

Dyfynnu hyn