Malware analysis is still largely a manual task. This slow and inefficient approach does not scale to the exponential rise in the rate at which new, unique malware is generated. Hence, automating the process as much as possible becomes desirable. In this paper, we present ColdPress, an extensible malware analysis platform that automates the end-to-end process of malware threat-intelligence gathering, with integrated output modules that generate reports in arbitrary file formats. ColdPress combines state-of-the-art tools and concepts into a modular system that helps the analyst efficiently and effectively extract information from malware samples. It is designed as a user-friendly and extensible platform that can easily be extended with user-defined modules. We evaluated ColdPress on complex real-world malware samples (e.g., WannaCry), demonstrating its efficiency, performance and usefulness to security analysts.