Research area: Safety
Venue: International Journal of Information Security
Malware dynamic analysis performed by experts provides useful information regarding behavior, connection destinations, and samples after de-obfuscation at a relatively low cost. On the other hand, since practical malware analysis is tacit knowledge, the tasks to be performed in detailed analysis and the problems in performing these tasks are not always clearly defined. Adequate clarification of tasks and problems is expected to promote both the efficient training of analysts and research in this field. The purpose of this study is to clarify the tasks conducted by analysts, the end-conditions of these tasks, and the problems in task implementation. Eleven participants were interviewed and 63 different tasks and 25 different end-conditions of analysis tasks were identified. We also developed a basic analysis flow with the main purpose of providing support for the analysis procedure. In addition, with the aim of contributing to the efficiency of the training and self-improvement of analysts, we identified trends in the tasks and end-conditions of analysts with different experience levels and developed a basic analysis flow to support analysis procedures. We also presented knowledge related to education, such as the provision of training that encourages analysis from a more bird’s eye viewpoint. We identified 27 problems faced by analysts and demonstrated the need for support to ensure the safety of the dynamic analysis environment and to improve the information obtained through practical dynamic analysis. We believe our findings will be useful when drawing up educational guidelines for malware analysts and for future research related to dynamic analysis.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Japan |
| Site | Springer |
| Likes | 0 |