Cyber Threat Intelligence: VirusBattle Malware Analysis Report


Added on  2019/10/08

AI Summary
This report provides a critique of the "VirusBattle: State-of-the-Art Malware Analysis for Better Cyber Threat Intelligence" study, which aims to develop a system for discovering malware interrelationships. The report explores the research questions, including how VirusBattle utilizes Static FuncTracker and probabilistic hashes to identify malware connections. It describes the dataset, research problem, and the findings of the study, such as the use of Static FuncTracker for identifying shared code semantics and Dynamic Multipath Tracer for extracting dynamic behaviors. The report discusses the potential generalization of the results to other applications, like analyzing web addresses and email messages associated with malware. It also highlights the limitations of the study, including issues with packers and code obfuscation, and identifies research gaps, such as the lack of information on budget, marketing, and data collection. Finally, the report concludes that while the project is ambitious, it lacks strong technical, financial, and marketing backing, and suggests areas for future research and development.
VirusBattle: State-of-the-Art Malware Analysis for Better Cyber Threat Intelligence
Introduction:
This paper provides a critique of the chosen study "VirusBattle: State-of-the-Art Malware Analysis for Better Cyber Threat Intelligence", which aims to develop a system that discovers interrelationships among instances of malware using state-of-the-art malware analysis. The research problem is explained, along with how the findings can be applied in other applications. Through this critique the research gap is highlighted and a conclusion is drawn from the findings of the analysis.
Research question(s):
Primary research question: How can VirusBattle, with its state-of-the-art malware analysis framework, discover malware interrelationships?
Secondary research questions:
Besides the primary research question, the study aimed to trace how the Static FuncTracker analysis gives VirusBattle real practical advantages.
It also aimed to trace how probabilistic hashes of the semantic features enable VirusBattle to trace malware interrelationships.
Hypotheses:
As per the chosen study, VirusBattle is still under development and the researchers are still working on it to fulfil their aims. Thus the study does not state any formal hypothesis; the only informal hypothesis it sets out to test (see the findings below) is that interrelationships discovered among malware help explain the malware ecosystem as a whole.
Description of dataset:
VirusBattle's analyses mine malware interrelationships from many types of malware artefacts. These include the binary, the code, code semantics, dynamic behaviours, malware metadata, distribution sites and e-mails.
Research problem:
Picked reflect on consideration on exhibit that the virtual threat knowledge and investigation
market it is growing quickly. It has likewise featured the way that devices like Palantir
Gotham and IBM i2 are utilized by perception examiners and virtual risk protectors
continually to help in the extraction of good sized understanding from big records
accumulations contained statistics received from numerous unique resources. this is
accomplished through encouraging the revelation of concealed interrelationships among
digital historical rarities, for example, components from prepared gadget logs, intermediary
and IDS frameworks, VPN, opposed to infection, DLP, DNS questions, and alertness logs;
and from logical records, similar to e mail, print logs, workplace get to logs, internal talk
Document Page
2
logs, and HR data Description of the dataset and examining method. Malware has been
severely underrepresented in virtual danger insight and exam endeavours. Malware deliver
adequate intends to disclosure of interrelationships among each other. Distinguishing
evidence of shrouded connections among malware empowers examiners to cause
approximately entire malware crusades and to deduce institutions among bodily-international
performers. But, this potential has gone to a first rate extent undiscovered. For instance, as of
composing, it gives the idea that the main malware records commonly contemplated about in
digital hazard insight and exam devices are AV place results and associated machine catches.
In the end picked examination plans to create VirusBattle with the first-class in elegance
malware research framework which could discover malware interrelationships.
Explanation of the finding:
VirusBattle's Static FuncTracker analysis offers a strategy for finding shared Computed Semantics artefacts among instances of malware. Specifically, the analysis identifies semantically similar procedures of code. It finds interrelationships by comparing probabilistic hashes of the semantic features, which are generalised denotational semantics computed over an x86 disassembly listing by the BinJuice framework.
The Static FuncTracker analysis gives VirusBattle several real advantages. First, it allows scalable and incremental processing: as new malware arrives, the hashes are computed and stored in an index to enable fast subsequent discovery of similar structures. Second, the use of semantic features enables the location of procedures that are nearly similar even when they are syntactically quite different.
VirusBattle's Dynamic Multipath Tracer automatically extracts a comprehensive set of a malware's Dynamic Behaviours by forcing the malware under analysis to exhibit its full set of behaviours. By identifying similarities among these Dynamic Behaviours, VirusBattle can find interrelationships among malware based on the set of behaviours they would exhibit when executed.
Cyber threat intelligence systems have become very capable of locating interrelationships among real-world attackers and attack artefacts. However, until now only shallow malware data has been used in this context. According to the authors, it is believed that discovered interrelationships among malware can help explain the malware ecosystem as a whole, as well as draw further associations among real-world entities. VirusBattle is a platform that has been developed to test that hypothesis. It incorporates state-of-the-art malware analyses to find interrelationships among malware across a wide range of malware artefact types, including the binary, code, code semantics, dynamic behaviours, metadata and distribution-mechanism data, for instance associated websites and spam/spearphishing messages.
Generalisation to other application of the result:
VirusBattle's analysis will provide the capability to reason about the web addresses related to an instance of malware. For example, when the distribution vector of an instance of malware is known to be a website, data about the site will be automatically mined and made available to the framework for correlation, including the content hosted on the site, the domain's registration data and geolocation data. Similar data will likewise be gathered for web addresses to which the malware connects during execution. Additionally, VirusBattle will incorporate analyses to extract and examine data from the e-mail messages through which malware is delivered. This data can include the content of the e-mail message as well as the message's metadata. Also, the domain of the sender's address can be analysed in the way described above. The content of e-mail messages can be compared using published analysis techniques to associate spam or spearphishing campaigns, and thereby the malware delivered by them. One further VirusBattle analysis will extract and examine binary executable metadata found in the PE headers of the malware. It has been shown previously that data contained in PE headers is sufficiently discriminative to be used in identifying executable packers. As per the authors, they have additionally observed that PE header data can serve as suitable features for separating some families of malware. In addition, certain PE header fields can identify the compiler toolchain used to build the malware, thereby providing profile elements of the likely threat actors.
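The PE header point above is easy to make concrete. The following Python is an added example (not code from the critiqued paper or from VirusBattle): it parses the DOS, COFF and PE32 optional headers with bounds checks on every attacker-controlled offset, pulls out the fields the paper calls discriminative (linker version, build timestamp, subsystem, section count and so on), and compares two samples' build-toolchain profile. The three header blobs are constructed inline; the choice of profile fields and the "MSVC 14.0" attribution in the comments are assumptions made for illustration.

```python
import struct
from datetime import datetime, timezone

# Added example: extracts the PE header fields the paper names as discriminative
# from a PE32 image and compares two samples' build-toolchain profiles.
# Hypothetical feature selection; not VirusBattle's own analysis.

PE32_MAGIC = 0x10B


def pe_header_features(data: bytes) -> dict:
    """Parse the DOS header pointer, COFF header and PE32 optional header.

    Every offset comes from attacker-controlled bytes, so each is bounds
    checked before use; malformed input raises ValueError instead of reading
    garbage."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or missing PE signature")
    machine, n_sections, timestamp, _symtab, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 72 or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic, maj_linker, min_linker, size_of_code, _init, _uninit,
     entry_point, _base_code, _base_data, image_base) = struct.unpack_from("<HBBIIIIIII", data, opt_off)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 handled here (PE32+ shifts the ImageBase/Subsystem offsets)")
    subsystem, dll_characteristics = struct.unpack_from("<HH", data, opt_off + 68)
    return {
        "machine": machine,
        "sections": n_sections,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "linker_version": f"{maj_linker}.{min_linker}",
        "size_of_code": size_of_code,
        "entry_point": entry_point,
        "image_base": image_base,
        "subsystem": subsystem,
        "characteristics": characteristics,
        "dll_characteristics": dll_characteristics,
    }


def is_valid_pe(data: bytes) -> bool:
    try:
        pe_header_features(data)
        return True
    except ValueError:
        return False


def toolchain_profile(features: dict) -> tuple:
    """Fields that survive a rebuild with the same compiler/linker setup and are
    therefore useful for relating samples.  The timestamp is deliberately left
    out: it changes per build and is trivially forged."""
    return (features["machine"], features["linker_version"],
            features["subsystem"], features["dll_characteristics"])


def shared_toolchain(a: bytes, b: bytes) -> bool:
    return toolchain_profile(pe_header_features(a)) == toolchain_profile(pe_header_features(b))


def build_sample_pe(timestamp, maj_linker, min_linker, subsystem, n_sections=3) -> bytes:
    """Construct a minimal synthetic PE32 header (headers only, no sections)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, n_sections, timestamp, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB9I6H4IHH", PE32_MAGIC, maj_linker, min_linker,
                      0x1000, 0x2000, 0, 0x1234, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                      6, 0, 0, 0, 6, 0,
                      0, 0x5000, 0x400, 0,
                      subsystem, 0x8140)
    opt += b"\0" * (0xE0 - len(opt))  # data directories left zeroed
    return bytes(dos) + b"PE\0\0" + coff + opt


# Constructed samples: A and B from the same (hypothetical) MSVC 14.0 GUI build
# setup on different days, C from an older linker targeting the console subsystem.
SAMPLE_A = build_sample_pe(1400000000, 14, 0, subsystem=2)
SAMPLE_B = build_sample_pe(1400086400, 14, 0, subsystem=2)
SAMPLE_C = build_sample_pe(1400000000, 8, 0, subsystem=3)

if __name__ == "__main__":
    for name, blob in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(name, pe_header_features(blob))
    print("A/B share toolchain:", shared_toolchain(SAMPLE_A, SAMPLE_B))
    print("A/C share toolchain:", shared_toolchain(SAMPLE_A, SAMPLE_C))
```

The profile deliberately excludes the timestamp and entry point: both are cheap for an author to alter, whereas linker version and subsystem are set by the build environment. A real deployment would also have to handle PE32+ and packed samples, where the header describes the packer stub rather than the payload.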
Limitation of the paper:
There are various limitations to the paper, and they are vital to the project's execution. One of the major issues relates to the classes of packers or protectors. Different types of packer exist, namely traditional packers, paged packers, virtual machine protectors and classification parameters. Based on the execution behaviour, how much of the original code is decrypted and when is not known. Besides, if a traditional packer is used, the entire code is decrypted at one time, leaving scope for the Hump never to be detected. The second challenge is code obfuscation. The proposed VirusBattle will not capture register renaming, memory address reassignment, code motion between blocks or evolutionary changes, because hashes that are only good for strict equality miss them, leading to a fall in malware detection. Moreover, establishing constraints between induced variables when computing juice is not generalised, which limits the use of the program.
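To make concrete both the Static FuncTracker mechanism described in the findings (hashes of abstracted code semantics, stored incrementally in an index) and the strict-equality weakness raised in this limitations section, here is an added Python example. It is not code from the critiqued paper, from VirusBattle or from BinJuice; it approximates "semantic feature hashing" by abstracting registers and constants before hashing, indexes the hashes as samples arrive, and shows which of three hash levels survive register renaming and which survive code motion. The basic blocks, the sample id and the abstraction rules are constructed assumptions for illustration.

```python
import hashlib
import re

# Illustrative approximation of "semantic feature hashing" (not BinJuice's
# actual algorithm): operands are abstracted before hashing so that blocks
# which differ only in register allocation or constants still collide.
REG_RE = re.compile(r"\b(e?(?:[abcd]x|[sd]i|[sb]p)|[abcd][lh])\b")
NUM_RE = re.compile(r"0x[0-9a-fA-F]+|\b\d+\b")


def normalize(block, rename_registers=True):
    """Abstract one basic block (list of x86 instruction strings).

    Immediates and displacements become IMM.  With rename_registers=True each
    register is renamed R0, R1, ... in order of first use (order-sensitive);
    with False every register collapses to REG (coarser, order-insensitive).
    """
    names = {}
    out = []
    for insn in block:
        insn = NUM_RE.sub("IMM", insn.strip().lower())
        if rename_registers:
            insn = REG_RE.sub(lambda m: names.setdefault(m.group(0), f"R{len(names)}"), insn)
        else:
            insn = REG_RE.sub("REG", insn)
        out.append(insn)
    return out


def _digest(lines):
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def syntactic_hash(block):
    """Hash of the raw text: only byte-identical blocks match."""
    return _digest(line.strip().lower() for line in block)


def sequence_hash(block):
    """Register-renamed, constant-abstracted, order-sensitive hash:
    survives register renaming, breaks on code motion."""
    return _digest(normalize(block, rename_registers=True))


def bag_hash(block):
    """Order-insensitive hash over the multiset of abstracted instructions:
    tolerates code motion within a block at the cost of more false matches."""
    return _digest(sorted(normalize(block, rename_registers=False)))


def index_sample(index, sample_id, blocks):
    """Incrementally add one sample's block hashes to a shared index
    (hash -> set of sample ids) as new malware arrives."""
    for block in blocks:
        for h in (sequence_hash(block), bag_hash(block)):
            index.setdefault(h, set()).add(sample_id)


def related_samples(index, blocks):
    """Samples already indexed that share at least one block hash with `blocks`."""
    hits = set()
    for block in blocks:
        for h in (sequence_hash(block), bag_hash(block)):
            hits |= index.get(h, set())
    return hits


# Constructed sample blocks (not taken from any real malware).
BLOCK_A = ["mov eax, [ebp+8]", "mov ebx, [ebp+12]", "add eax, ebx", "mov [ebp-4], eax"]
BLOCK_B = ["mov ecx, [ebp+8]", "mov edx, [ebp+12]", "add ecx, edx", "mov [ebp-4], ecx"]  # registers renamed
BLOCK_C = ["mov ebx, [ebp+12]", "mov eax, [ebp+8]", "add eax, ebx", "mov [ebp-4], eax"]  # loads reordered
BLOCK_D = ["mov eax, [ebp+8]", "mov ebx, [ebp+12]", "sub eax, ebx", "mov [ebp-4], eax"]  # different operation

if __name__ == "__main__":
    index = {}
    index_sample(index, "sample-A", [BLOCK_A])
    print("A~B by syntactic hash:", syntactic_hash(BLOCK_A) == syntactic_hash(BLOCK_B))
    print("A~B by sequence hash: ", sequence_hash(BLOCK_A) == sequence_hash(BLOCK_B))
    print("A~C by sequence hash: ", sequence_hash(BLOCK_A) == sequence_hash(BLOCK_C))
    print("A~C by bag hash:      ", bag_hash(BLOCK_A) == bag_hash(BLOCK_C))
    print("related to C:", related_samples(index, [BLOCK_C]))
    print("related to D:", related_samples(index, [BLOCK_D]))
```

The three hash levels show the trade-off the limitations section points at: the more operand detail is abstracted away, the more variants collide (good for recall across renaming and code motion) but the more unrelated code collides too. Memory address reassignment that changes a displacement is absorbed by the IMM abstraction here, but anything that changes the instruction multiset itself (instruction substitution, block splitting) still defeats all three levels.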
Research gap:
The paper sets out the process and aim of the project but never highlights its budget requirement. Besides, there is no indication regarding the marketing process, sales or after-sales service. Moreover, the program is still in a test bed, so there is no fixed date for its launch. Along with this, the data collection process and information about the collected data are not clear in the paper.
Future extension of the paper:
Considering the research gap, the limitations and the development stage of VirusBattle, it can certainly be argued that there is ample scope to extend the paper further. As the research work develops, new findings will emerge and future papers can use them to elaborate on the findings of the present study. For instance, future researchers can examine the prospect of generalising VirusBattle to malware detection on different platforms.
Conclusion:
From the present study it can be seen that it has tried to showcase and oversimplify the project without any strong technical, financial or economic backing. Though the project has shown a wide scope of generalised application, it has failed to provide any well-defined evidence of the same. The project is ambitious; however, the paper is lacking in terms of its financial as well as marketing presentation.