Henning Krause: Approaches to Analyze Malware

Malware is a critical threat for the security in the Internet. Malicious actors and security specialists are constantly competing for new ways to outperform one another. The goal of the hackers is to infiltrate a target system without being noticed. In order to protect a system it is an important step to identify malware before it is executed and can starts to invoke unintended behavior. With a reactive network telescope it is possible to obtain malware that is distributed by two-phase scanners. This offers the opportunity to collect malware at an early stage of distribution in which it may not be known by the security community yet. Thus, a strategy must be developed to analyze and classify the findings. This work aims to review methods and practices that are in use to analyze malware in order to lay a foundation for future work. Recent approaches which try to identify malware as binaries or at execution time will be presented.

Slides