A Framework for Collecting and Analysis PE Malware Using Modern Honey Network (MHN)

Title: A Framework for Collecting and Analysis PE Malware Using Modern Honey Network (MHN)
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Matin, I. Muhamad Malik, Rahardjo, B.
Conference Name: 2020 8th International Conference on Cyber and IT Service Management (CITSM)
Date Published: oct
Keywords: composability, computer viruses, Computers, dynamic analysis techniques, feature extraction, file format information, invasive software, learning (artificial intelligence), Malware, malware analysis, malware collection technique, malware detection, malware information, malware PE file type formats, malware samples, Metrics, modern honey network, Operating systems, operating systems (computers), Payloads, PE file format, PE malware, pubcrawl, resilience, Resiliency, security, security threat, static analysis, static analysis techniques, Windows operating system, Windows Operating System Security, windows-based malware
Abstract

Nowadays, Windows is an operating system that is very popular among people, especially users who have limited knowledge of computers. But unconsciously, the security threat to the Windows operating system is very high. Security threats can be in the form of illegal exploitation of the system. The most common attack is using malware. Determining the characteristics of malware using dynamic analysis techniques and static analysis is very dependent on the availability of malware samples. A honeypot is the most effective malware collection technique. But a honeypot cannot determine the type of file format contained in malware. File format information is needed for the purpose of handling malware analysis that is focused on Windows-based malware. For this reason, we propose a framework that can collect malware information as well as identify malware PE file type formats. In this study, we collected malware samples using a modern honey network. Next, we performed a feature extraction to determine the PE file format. Then, we classified types of malware using VirusTotal scanning. As a result of this study, we managed to get 1.222 malware samples. Out of 1.222 malware samples, we successfully extracted 945 PE malware. This study can help researchers in other research fields, such as machine learning and deep learning, for malware detection.
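The abstract's "feature extraction to determine the PE file format" step, shown here as an added illustration that is not the authors' code: the checker reads the DOS header, follows e_lfanew to the PE signature and COFF header, and reports machine type, DLL flag and PE32/PE32+ subtype, rejecting non-PE or truncated blobs. The sample byte strings are constructed minimal headers for the demonstration, not real honeypot captures; the VirusTotal classification step is not covered.

```python
import struct

# IMAGE_FILE_MACHINE values and optional-header magics from the PE/COFF spec.
MACHINES = {0x014C: "i386", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}
MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
IMAGE_FILE_DLL = 0x2000


def pe_features(data: bytes) -> dict:
    """Return file-format features for a sample, or {'format': 'not-PE', ...}."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"format": "not-PE", "reason": "no MZ header"}
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew must land inside the file with room for signature + COFF header (24 bytes).
    if e_lfanew + 24 > len(data):
        return {"format": "not-PE", "reason": "e_lfanew out of range"}
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return {"format": "not-PE", "reason": "no PE signature"}
    machine, _nsec, _ts, _symptr, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    result = {
        "format": "PE",
        "machine": MACHINES.get(machine, hex(machine)),
        "dll": bool(chars & IMAGE_FILE_DLL),
        "subtype": "unknown",
    }
    # Optional header magic (PE32 vs PE32+) sits right after the 20-byte COFF header.
    if opt_size >= 2 and e_lfanew + 26 <= len(data):
        (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
        result["subtype"] = MAGICS.get(magic, hex(magic))
    return result


def make_sample(machine, magic, chars=0x0102, e_lfanew=0x80) -> bytes:
    """Constructed minimal header (not an executable) used as test input."""
    dos = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 224, chars)
    return dos + b"PE\x00\x00" + coff + struct.pack("<H", magic) + b"\x00" * 30


SAMPLES = {  # constructed inputs: two PE headers, one ELF-like blob, one truncated PE
    "exe32": make_sample(0x014C, 0x10B),
    "dll64": make_sample(0x8664, 0x20B, chars=0x2022),
    "elf": b"\x7fELF" + b"\x00" * 60,
    "bad_lfanew": make_sample(0x014C, 0x10B, e_lfanew=0x40)[:0x50],
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, pe_features(blob))
```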

DOI: 10.1109/CITSM50537.2020.9268810
Citation Key: matin_framework_2020