Singapore Institute of Technology
2023331479.pdf (1.47 MB)

A SIEM and Multiple Analysis Software Integrated Malware Detection Approach

conference contribution
posted on 2024-07-08, 06:55 authored by Daiyu Sim, Huaqun Guo, Luying Zhou

An organization's IT systems, especially combined IT and OT systems, present a large attack surface to sophisticated cyber-attacks such as Advanced Persistent Threats (APT) and malware variants. To defend against these attackers, Security Information and Event Management (SIEM) technologies can be leveraged. A SIEM is a security solution that helps organizations recognize potential security threats and vulnerabilities, detects anomalies in user behaviour, and supports incident response. However, existing SIEMs are insufficient to effectively counteract malware attacks, and more functionality needs to be developed and enhanced. There are analysis software approaches that statically or dynamically analyze suspicious files to detect malware, such as VirusTotal, Capa, Yara, and machine learning (ML) algorithms. In this work, we integrate an open-source SIEM tool with multiple analysis software so that malware analysis can be conducted from different aspects, i.e., from log data, static and dynamic code analysis, and behaviour analysis, and we demonstrate the enhanced real-time malware detection capability and performance.


This research project is supported by an ignition grant with Grant No. R-IE2-A405-0002, Singapore Institute of Technology and Ministry of Education, Singapore.


Journal/Conference/Book title

The 17th IEEE International Conference on Service Operations and Logistics, and Informatics (IEEE SOLI 2023)

Publication date



  • Post-print

Rights statement

© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Corresponding author

Huaqun Guo

Project ID

  • 11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks
