Augmenting Cyber Assessment through Dynamic Malware Analysis
Room 320A, 04 Dec 19, 2:00 PM - 2:30 PM
Malware is one of the major threats in cyberspace today. It is estimated that over 400,000 new samples[1] are introduced every day. To defend against these evolving advanced persistent threats (APTs), there is a need for an automatic, scalable, and secure analysis capability. Lockheed Martin is leveraging Georgia Tech’s technical expertise in malware behavior analysis and applying the results to cyber operations analysis and risk assessment.
This paper describes how Georgia Tech’s dynamic malware analysis capability can help design a system with better cyber resiliency against existing and emerging advanced persistent threats (APTs). In general, malware remains dormant until it is triggered by specific computing or network conditions or events. Hence, a malware analysis framework such as Georgia Tech’s needs to offer a flexible environment for evaluating a wide range of malware. Most current analysis frameworks cannot segregate the malware’s traffic within the test network environment; the analyst must choose either to isolate the sample or to let its traffic pass through the security controls so that the malware exhibits its behavior. Georgia Tech’s solution leverages both static and dynamic code analysis techniques to examine the interactions between the malware and its command and control (C2) server, so that the malware exhibits its intended behaviors in its native environment. With this capability, and given the detailed nature of the malware analysis, the Lockheed Martin cyber solution team can develop specific remedies against the threats more quickly. Additionally, using its simulation environment, the LM cyber team can test and evaluate “what-if” cyber defensive postures against zero-day threats that have not yet been launched in the real world. Ultimately, this enhances system survivability and resiliency.
[1] https://www.av-test.org/en/statistics/malware/