Singapore Institute of Technology
2023331479.pdf (1.47 MB)

A SIEM and Multiple Analysis Software Integrated Malware Detection Approach

conference contribution
posted on 2024-07-08, 06:55 authored by Daiyu Sim, Huaqun Guo, Luying Zhou

An organization's IT systems, especially combined IT and OT systems, expose a large attack surface to sophisticated cyber-attacks such as Advanced Persistent Threats (APT) and malware variants. To defend against those attackers, Security Information and Event Management (SIEM) technologies can be leveraged. SIEM is a security solution that helps organizations recognize potential security threats and vulnerabilities, detect user behaviour anomalies, and provide an incident response. However, existing SIEMs are insufficient to effectively counteract malware attacks, and more functionalities need to be developed and enhanced. There are analysis software approaches that statically or dynamically analyze suspicious files to detect malware, such as VirusTotal, Capa, Yara, and machine learning (ML) algorithms. In this work, we integrate an open-source SIEM tool with multiple analysis software, so that malware analysis can be conducted from different aspects, i.e., from log data, static and dynamic code analysis, and behaviour analysis. We demonstrate the enhanced real-time malware detection capability and performance.

Funding

This research project is supported by an ignition grant with Grant No. R-IE2-A405-0002, Singapore Institute of Technology and Ministry of Education, Singapore.

History

Journal/Conference/Book title

The 17th IEEE International Conference on Service Operations and Logistics, and Informatics (IEEE SOLI 2023)

Publication date

2024-02-14

Version

  • Post-print

Rights statement

© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Corresponding author

Huaqun Guo, huaqun.guo@singaporetech.edu.sg

Project ID

  • 11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks
