2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W) (2016)
June 28, 2016 to July 1, 2016
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DSN-W.2016.40
Critical Infrastructures (CIs) are among the main targets of activists, cyber terrorists and state sponsored attacks. To protect itself, a CI needs to build and keep updated a domestic knowledge base of cyber threats. It cannot indeed completely rely on external service providers because information on incidents can be so sensible to impact national security. In this paper, we propose an architecture for a malware analysis framework to support CIs in such a challenging task. Given the huge number of new malware produced daily, the architecture is designed so as to automate the analysis to a large extent, leaving to human analysts only a small and manageable part of the whole effort. Such a non-automatic part of the analysis requires a wide range of expertise, usually contributed by more analysts. The architecture enables analysts to work collaboratively to improve the understanding of samples that demand deeper investigations (intra-CI collaboration). Furthermore, the architecture allows to share partial and configurable views of the knowledge base with other interested CIs, in order to collectively obtain a more complete vision of the cyber threat landscape (inter-CI collaboration).
Malware, Collaboration, Knowledge based systems, Architecture, Computer architecture, Security, Companies
G. Laurenza, D. Ucci, L. Aniello and R. Baldoni, "An Architecture for Semi-Automatic Collaborative Malware Analysis for CIs," 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W), Toulouse, France, 2016, pp. 137-142.