DocumentCode
480561
Title
Exploring Malware Behaviors Based on Environment Constitution
Author
Su, Purui ; Ying, Lingyun ; Feng, Dengguo
Author_Institution
Inst. of Software, Chinese Acad. of Sci., Beijing, China
Volume
1
fYear
2008
fDate
13-17 Dec. 2008
Firstpage
320
Lastpage
325
Abstract
Executing malware in a controlled environment is one of the most popular and effective methods of extracting the behavior characters of malware. In this paper, we propose a dynamic analysis technique to explore the different behaviors of malware. We utilized environment constitution to create comprehensive reports on malware. This allowed us to extract common paths and identify what seems to be typical malware behavior. We likewise used static analysis to document interactions between malware and environment, after which, based on environment constitution, we dynamically triggered different path selections that we observed have been pursued by malware. Different malware inputs were generated based on the reverse analysis of path selection conditions, a method that allowed for the exploration of all possible malware paths, and thereby permitted us to generate a relatively comprehensive report for this study. The method also allowed us to filter invalid data that we were unable to identify in the earlier process. The method became even more helpful when we implemented vulnerability analysis among the different types of commercial software; here, a prototype of the system was set up, and we have finished experiments to evaluate the system. The result showed that the system could identify typical behaviors of malware without exploring all its possible paths.
Keywords
invasive software; program diagnostics; dynamic analysis technique; environment constitution; malware behavior; reverse path selection condition analysis; static analysis; Computational intelligence; Constitution; Data mining; Filters; Information security; Internet; Monitoring; Prototypes; Software prototyping; Text analysis; Computing Environment Constitution; Malware Analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Intelligence and Security, 2008. CIS '08. International Conference on
Conference_Location
Suzhou
Print_ISBN
978-0-7695-3508-1
Type
conf
DOI
10.1109/CIS.2008.130
Filename
4724666