SCARECROW: Towards Scalable Automatic Malware Detection and Reporting System Utilizing Crowd-Sourcing

Malware is the main computer security threat and may cause damage to many people's devices and to companies' infrastructure. End users who want to verify executable files downloaded from the Internet are currently presented with a binary choice (OK or Cancel), but there is no viable third alternative for uncertainty (Not Sure). Reporting to a security agency or company for a status inquiry regarding an executable file normally lacks efficiency in terms of reporting back to the user in a timely manner. As a consequence, developing a more efficient approach that provides a prompt response to users on reported suspicious files is important in order to encourage more end-user engagement in malware reporting. This empowers users to act on an informed decision and helps reduce the number of unknown malware samples in the wild. This study proposes a new automatic and scalable malware analyzer system called SCARECROW that is able to quickly scrutinize and generate an automated report for each malware sample detected. The implementation of the approach includes both the client (users' systems) and the backend processing (security agencies or companies). The client side provides a user-friendly and integrated reporting mechanism. The backend utilizes cloud computing to scale and speed up the analysis and feedback process.
