Portable Dynamic Malware Analysis with an Improved Scalability and Automatisation

Pektas A., ACARMAN T.

10th International Conference on Computer Recognition Systems (CORES), Polanica Zdroj, Poland, 22 - 24 May 2017, vol.578, pp.211-220 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume: 578
  • Doi Number: 10.1007/978-3-319-59162-9_22
  • City: Polanica Zdroj
  • Country: Poland
  • Page Numbers: pp.211-220


A malware is deployed ubiquitously to steal safety or liability-critical information and damage the compromised systems. In this paper, we present a portable, scalable and transparent system for dynamic analysis of malware targeting Windows OS. The portability feature is enabled by introducing a driver capable of collecting the behavioural activities of analysed samples in low kernel level and detection of a new malware in the latest version of Windows OS is guaranteed without waiting for its signature update. A large volume and variety of malicious behaviour is monitored and analysed by the presented virtual, scalable and automated system deployment. End-to-end design is presented and functional tests of portability feature are conducted by compiling the developed kernel driver component in the analysis machine. Evaluation is performed by using recently captured malware samples that are automatically analysed and detected on a Windows 8 Ultimate 64-bit and Windows 10 OS.