Enhanced cuckoo malware analysis performance using cloud computing

Modem information technology affects almost every aspect of human existence. Along with numerous positive outcomes, such comprehensive influence of modem technology on everyday life can also create unprecedented opportunities for the dissemination of malicious software within very short time frames. The damage caused by malicious software can have a profound and lasting impact on many people across the globe. A close look at the current approaches of mal ware analyzers illustrates that response time to community users is inadequately slow at present. It also demonstrates that these analyzers are not scalable to fit the escalating demand for analysis. As a consequence, they will not be able to respond to end-users enquiries in proper time. to present a new approach to ways of enhancing the malware analyzer performance, in order for the end-users to get feedback faster than present indicators. This approach utilizes cloud computing scalability feature to reach appropriate levels of response time. Cloud computing is emerging scalability as the main advantage to help application scale to cope with increasing customer demands. Integrating this technique with modem applications and services will provide faster solution due to scalability. For the purposes of evaluating this approach, two systems were carefully prepared with the same malware analyzer. One of them utilizes cloud computing, and the other one is left with no changes. Both systems were put under investigation with real malware samples to drive a comparison test between the two approaches. Samples were divided into multiple groups with incremental size to study the two systems' behavior towards different submission loads. Results obtained after processing 3000 samples indicated that cloud based malware analyzer is 23% faster than the standalone system. Although cloud enabled system was performing worse than the standalone system when low samples were submitted, it started to take the lead with noticeable performance when increasing numbers of analysis requests were submitted. With greater enhancements in cloud computing implementation levels, this percentage could increase dramatically to save time consumed while analyzing malware. Applying this approach in Malaysia will help community members get faster replies regarding suspicious applications with respect to the huge number of IT consumers. This research could be easily extended to the nationwide malware reporting system which can improve the quality of signatures and anti-viruses.

Text FK 2013 103 ir.pdf Download (7MB)

Actions (login required)

View Item