
Introduction

I developed the previous version (TWMAN) of this project when I worked at NCHC. Unfortunately, I gave up that job on 2011/09/28, so why do I hope I can maintain the new version of this project (TWMAN+)? Because I hope to do something for security research. Therefore, we focus on how to detect malware behavior through system performance and Type-2 Fuzzy technology.

Unfortunately again, on 2012.12.12 we decided to rename our project, because we hope to avoid any infringement claim from somebody who supported the previous version of our project. Now, we will release the new structure and methodology (mashing up virtual with physical for multiple servers and clients, and sharing by cloud storage) of the open source project on 2013.01.01. Reminder: our new open source project is named Malware Analysis Network in Taiwan (Man in Taiwan, MiT). Please visit our website now: http://MiT.TWMAN.ORG, if you are interested in collaborating with us.

Also, we will announce important news first on Google+, and you can discuss with us in our Google+ Community. Google+: http://X.TWMAN.ORG/MIT/, Community on Google+: http://X.TWMAN.ORG/Community

By the way, if you want to check whether TWMAN+ or even MiT plagiarizes TWMAN, please visit "http://sourceforge.net/projects/twman/files/?source=navbar", download any version, and then check some of the scripts or click through the images; you will understand what I mean. In my humble opinion, I am the only original developer of this malware behavior toolkit as an open source project.

Abstract

Based on the developer's past experience in developing TaiWan Malware Analysis Net+ (TWMAN+) and executing an industry-university cooperation project (Malware Analysis Platform: National University of Tainan with e-Enabling Data Center), this research project uses a mail alertness analysis service as a prototype to develop a new-generation cloud cluster platform, Malware Analysis Net in Taiwan (MiT), for fast analysis and restoration of malware. MiT is developed as open source and runs in a physical-virtual hybrid environment. The core technologies of the project are as follows: (1) Establish cloud technology applications such as IaaS and SaaS to provide malware behavior analysis in a hybrid environment. A large number of known malware samples are analyzed by collecting logs of network connections, registry activity, and memory or system data from all running processes, extracting features from them to gather the related behavioral information, and finally uncovering more unknown malicious behavior through automatic sampling, cloud sharing of reports, and function-control mechanisms. (2) Introduce the interval type-2 fuzzy set (T2FS) to integrate the construction of malware-analysis domain knowledge with an interval type-2 fuzzy ontology for faster scanning, analysis, and matching of malware. In this way the project provides security researchers with new malware analysis technologies for more precise assessment and further analysis, improving real-time malware analysis. The developed system will be released as open source, and it is hoped that it can collect and analyze malware samples at scale so that industry and universities can carry out research-related applications via the established cloud knowledge platform.

Nowadays, because attackers continuously research and develop new techniques to intrude into information systems, security researchers must continuously analyze and track new malicious techniques to protect sensitive and valuable data from being stolen. This research project develops a Malware Analysis Net in Taiwan (MiT) whose core technologies are to (1) establish cloud technology applications such as IaaS and SaaS to provide malware behavior analysis in a hybrid environment, where a large number of known malware samples are analyzed to extract their features and collect their related behavior, and (2) establish a type-2 fuzzy malware analysis ontology to provide faster scanning, analysis, and matching of malware. MiT collects logs of network connections, registry activity, and memory or system data from all running processes, shares them through cloud storage, and integrates virtual and physical malware analysis platforms. By introducing the interval type-2 fuzzy ontology to construct the knowledge base of malware behavioral analysis, MiT produces fuzzy semantic descriptions of malware behavior, giving security researchers new malicious-behavior analysis techniques for more precise assessment and analysis.
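The abstract above describes two steps, extracting behavior features from sandbox logs and scoring them with interval type-2 fuzzy sets, without showing either. The following is an added illustration written for this page; it is not MiT or TWMAN+ code, and the log line format, the three features, and the membership thresholds are all assumptions chosen for the example. What it shows is the part of the idea that matters: each feature's "high" membership is not a single number but an interval between a lower and an upper membership function, and the width of that interval (the footprint of uncertainty) survives into the final score.

```python
"""Added example (not MiT/TWMAN+ code): interval type-2 fuzzy scoring of
behaviour features extracted from constructed sandbox log lines."""
import re

# Constructed sample log, loosely modelled on the event kinds the abstract
# lists (processes, registry, network). The line format is an assumption.
SAMPLE_LOG = """\
proc  pid=1204 image=C:\\Users\\u\\AppData\\Local\\Temp\\svch0st.exe
reg   pid=1204 op=set key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=updater
reg   pid=1204 op=set key=HKCU\\Software\\Classes\\x value=y
net   pid=1204 proto=tcp dst=198.51.100.23:4444
net   pid=1204 proto=tcp dst=198.51.100.23:4444
net   pid=1204 proto=tcp dst=203.0.113.9:8080
proc  pid=1204 spawn=cmd.exe
proc  pid=1204 spawn=cmd.exe
"""

# A second constructed log with little of interest, for contrast.
BENIGN_LOG = """\
proc  pid=3310 image=C:\\Program Files\\Editor\\editor.exe
net   pid=3310 proto=tcp dst=203.0.113.50:443
"""

LINE_RE = re.compile(r"^(?P<kind>proc|reg|net)\s+(?P<fields>.*)$")


def parse_log(text):
    """Turn 'kind key=value key=value' lines into (kind, {key: value}) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not follow the assumed format
        fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
        events.append((m.group("kind"), fields))
    return events


def extract_features(events):
    """Three crisp behaviour counts; the feature set is an illustrative choice."""
    hosts = {f["dst"] for k, f in events if k == "net" and "dst" in f}
    autorun = sum(1 for k, f in events if k == "reg" and "\\Run" in f.get("key", ""))
    spawns = sum(1 for k, f in events if k == "proc" and "spawn" in f)
    return {"distinct_hosts": len(hosts), "autorun_writes": autorun, "child_procs": spawns}


def ramp(x, a, b):
    """Type-1 'high' membership: 0 at or below a, 1 at or above b, linear between."""
    if x <= a:
        return 0.0
    if x >= b:
        return 1.0
    return (x - a) / (b - a)


# Interval type-2 'high' membership per feature: the upper membership function
# (UMF) is the permissive ramp, the lower (LMF) the strict one. The gap between
# them is the footprint of uncertainty. Thresholds are assumed for illustration.
IT2_HIGH = {
    "distinct_hosts": {"umf": (0, 2), "lmf": (1, 3)},
    "autorun_writes": {"umf": (0, 1), "lmf": (0, 2)},
    "child_procs":    {"umf": (0, 2), "lmf": (1, 4)},
}


def it2_membership(feature, x):
    """Return (lower, upper) membership of x in 'high' for the given feature."""
    p = IT2_HIGH[feature]
    lo, hi = ramp(x, *p["lmf"]), ramp(x, *p["umf"])
    assert lo <= hi, "LMF must never exceed UMF"
    return lo, hi


def suspicious_interval(features):
    """Fuzzy AND ('all indicators high') on intervals: componentwise minimum."""
    lows, highs = zip(*(it2_membership(f, v) for f, v in features.items()))
    return min(lows), min(highs)


def crisp_score(interval):
    """Simplest type-reduction: the centre of the interval."""
    lo, hi = interval
    return (lo + hi) / 2


def score_log(text):
    """End-to-end: log text -> (crisp score, interval width as uncertainty)."""
    interval = suspicious_interval(extract_features(parse_log(text)))
    return crisp_score(interval), interval[1] - interval[0]


if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("benign", BENIGN_LOG)):
        score, width = score_log(log)
        print(f"{name}: score={score:.3f} uncertainty={width:.3f}")
```

For the constructed sample the three features come out as 2 distinct hosts, 1 autorun write and 2 child processes, which the intervals map to (0.5, 1.0), (0.5, 1.0) and (0.333, 1.0); the minimum is (0.333, 1.0), a centre score of 0.667 with an uncertainty of 0.667. The benign log scores 0 with no uncertainty. A real system would replace the centre-of-interval step with a proper type-reduction (e.g. Karnik-Mendel) and would tune the membership thresholds against labelled samples rather than picking them by hand.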

Keywords: Interval Type-2 Fuzzy Set, Ontology, Malware Behavioral Analysis, Cloud Storage Service


For more detailed information, please see our publications!