Singapore Institute of Technology
Browse
Data Crawling for Malware Analysis for Holistic Prevention of Future Exploits.pdf (541.16 kB)

Data Crawling for Malware Analysis for Holistic Prevention of Future Exploits

Download (541.16 kB)
conference contribution
posted on 2023-10-17, 03:50 authored by K Mohamed Sharaafat, Yi Ling Celeste Lau, Sebastian Wong, Yu Tan, Muhammad Khairin Bin Mohd, Isaac Medina Agatep IV, Zhiyuan Zhang, Huaqun GuoHuaqun Guo

Ransomware has been an ever-living threat since the time of its inception to the present day as computers and data hold more significance and are pivotal as to how individuals and businesses operate in society. Its persistence results in huge amounts of funds extorted from its victims and an ever-growing market for the creation of newer incessant versions and variations. Such type of malware is responsible for the losses of millions of dollars per annum. To combat this, the Common Vulnerabilities and Exposures (CVE) list had been launched for public usage to identify, define and catalog publicly disclosed vulnerabilities. These vulnerabilities provide data which can be used to derive upon a fix but could also be used to exploit systems that have not yet been patched. While CVE has grown and continues to grow as a useful tool for IT professionals to pool their efforts and undertake these vulnerabilities to reinforce our cyberspace and computer systems, it is not ideal for an individual or organization to sift through the CVE records one-by-one due to its huge amount of current data of vulnerabilities available in CVE. Instead, this process can be further expedited using web crawling and data representation and presentation. This can be done with Python due to its ability to create complex analytical programs without the need to learn complex programming syntaxes and data types as compared to traditional programming languages. In this paper, we dive deep into the use of Python programming utilized as a web crawling tool to extract CVE records and display selected data of vulnerabilities based on parameters when requested by a user. Further functionalities can provide in-depth graphical display of fetched information, to derive upon a prediction, based on analyses for holistic prevention of future exploits.

Funding

SIT ignition project (No. R-IE2-A405-0002)

History

Journal/Conference/Book title

2023 8th International Conference on Computer and Communication Systems (ICCCS), 21-23 April 2023, Guangzhou, China.

Publication date

2023-06-23

Version

  • Post-print

Rights statement

K Mohamed Sharaafat, Yi Ling Celeste Lau, Sebastian Wong, Yu Tan, Muhammad Khairin Bin Mohd, Isaac Medina Agatep IV, Zhiyuan Zhang, Huaqun Guo, "Data Crawling for Malware Analysis for Holistic Prevention of Future Exploits," 2023 8th International Conference on Computer and Communication Systems (ICCCS), Guangzhou, China, 2023, pp. 719-724, doi: 10.1109/ICCCS57501.2023.10150487. © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Project ID

  • 11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks

Usage metrics

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC