A SIEM and Multiple Analysis Software Integrated Malware Detection Approach
Organizations' IT systems, and combined IT and OT systems in particular, expose a large attack surface to sophisticated cyber-attacks such as Advanced Persistent Threats (APT) and malware variants. Security Information and Event Management (SIEM) technologies can be leveraged to defend against such attacks. A SIEM is a security solution that helps organizations recognize potential security threats and vulnerabilities, detect anomalies in user behaviour, and provide incident response. However, existing SIEMs are insufficient to effectively counteract malware attacks, and more functionality needs to be developed and enhanced. Separately, there are analysis software approaches that statically or dynamically analyze suspicious files to detect malware, such as VirusTotal, Capa, Yara, and machine learning (ML) algorithms. In this work, we integrate an open-source SIEM tool with multiple analysis software so that malware analysis can be conducted from different aspects, i.e., from log data, static and dynamic code analysis, and behaviour analysis. We demonstrate the enhanced real-time malware detection capability and performance.
Funding
This research project is supported by an ignition grant with Grant No. R-IE2-A405-0002, Singapore Institute of Technology and Ministry of Education, Singapore.
History
Journal/Conference/Book title
The 17th IEEE International Conference on Service Operations and Logistics, and Informatics (IEEE SOLI 2023)
Publication date
2024-02-14
Version
- Post-print
Rights statement
© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Corresponding author
Huaqun Guo, huaqun.guo@singaporetech.edu.sg
Project ID
- 11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks