Jan. 28, 2013 to Jan. 30, 2013
Meijian Li , School of Cornputer, National University of Defense Technology, Changsha Hunan, China
Malware analysis is the process of dissecting a given malware sample in order to determine its purpose and functionality. It is a necessary step to develop effective detection techniques of malicious code and removal tools. The public malware analysis systems are major sources for a user to understand a malware sample. However analysis reports of those analysis systems only include what operation system resources created or accessed by the submitted malware sample, which is insufficient for a malware analyst, who expects a comprehensive analysis report. In this paper, we present iPanda, an analysts oriented comprehensive malware analysis tool. Several prevalent static and dynamic malware analysis techniques, such as detection of evading analysis techniques used by malware authors, information flow tracking, functional code fragments identifying, network behavior analysis, etc., are implemented complementarily in iPanda so that it allows a comprehensive analysis of malware to generate an analysis report including structure profile and behavior profile of the samples. The results are paramount valuable for malware analysts to perform malware detection and containment.
network behavior, malware analysis, information flow tracking, dynamic taint analysis
Meijian Li, "iPanda: A comprehensive malware analysis tool", ICOIN, 2013, 2013 International Conference on Information Networking (ICOIN), 2013 International Conference on Information Networking (ICOIN) 2013, pp. 481-486, doi:10.1109/ICOIN.2013.6496427