Title :
VirusBattle: State-of-the-art malware analysis for better cyber threat intelligence
Author :
Miles, Craig ; Lakhotia, Arun ; LeDoux, Charles ; Newsom, Aaron ; Notani, Vivek
Author_Institution :
Center for Adv. Comput. Studies, Univ. of Louisiana at Lafayette, Lafayette, LA, USA
Abstract :
Discovered interrelationships among instances of malware can be used to infer connections among seemingly unconnected objects, including actors, machines, and the malware itself. However, such malware interrelationships are currently underutilized in the cyber threat intelligence arena. To fill that gap, we are developing VirusBattle, a system employing state-of-the-art malware analyses to automatically discover interrelationships among instances of malware. VirusBattle analyses mine malware interrelationships over many types of malware artifacts, including the binary, code, code semantics, dynamic behaviors, malware metadata, distribution sites and e-mails. The result is a malware interrelationships graph which can be explored automatically or interactively to infer previously unknown connections.
Keywords :
computer viruses; data mining; graph theory; VirusBattle; binary; code semantics; cyber threat intelligence; distribution sites; dynamic behaviors; e-mails; malware analysis; malware artifacts; malware interrelationship mining; malware interrelationships graph; malware metadata; Computers; Data visualization; Electronic mail; Malware; Performance analysis; Semantics; Visualization;
Conference_Titel :
Resilient Control Systems (ISRCS), 2014 7th International Symposium on
Conference_Location :
Denver, CO
DOI :
10.1109/ISRCS.2014.6900103
