Data Crawling for Malware Analysis for Holistic Prevention of Future Exploits
Ransomware has been an ever-living threat since the time of its inception to the present day as computers and data hold more significance and are pivotal as to how individuals and businesses operate in society. Its persistence results in huge amounts of funds extorted from its victims and an ever-growing market for the creation of newer incessant versions and variations. Such type of malware is responsible for the losses of millions of dollars per annum. To combat this, the Common Vulnerabilities and Exposures (CVE) list had been launched for public usage to identify, define and catalog publicly disclosed vulnerabilities. These vulnerabilities provide data which can be used to derive upon a fix but could also be used to exploit systems that have not yet been patched. While CVE has grown and continues to grow as a useful tool for IT professionals to pool their efforts and undertake these vulnerabilities to reinforce our cyberspace and computer systems, it is not ideal for an individual or organization to sift through the CVE records one-by-one due to its huge amount of current data of vulnerabilities available in CVE. Instead, this process can be further expedited using web crawling and data representation and presentation. This can be done with Python due to its ability to create complex analytical programs without the need to learn complex programming syntaxes and data types as compared to traditional programming languages. In this paper, we dive deep into the use of Python programming utilized as a web crawling tool to extract CVE records and display selected data of vulnerabilities based on parameters when requested by a user. Further functionalities can provide in-depth graphical display of fetched information, to derive upon a prediction, based on analyses for holistic prevention of future exploits.
SIT ignition project (No. R-IE2-A405-0002)
Journal/Conference/Book title2023 8th International Conference on Computer and Communication Systems (ICCCS), 21-23 April 2023, Guangzhou, China.
Rights statementK Mohamed Sharaafat, Yi Ling Celeste Lau, Sebastian Wong, Yu Tan, Muhammad Khairin Bin Mohd, Isaac Medina Agatep IV, Zhiyuan Zhang, Huaqun Guo, "Data Crawling for Malware Analysis for Holistic Prevention of Future Exploits," 2023 8th International Conference on Computer and Communication Systems (ICCCS), Guangzhou, China, 2023, pp. 719-724, doi: 10.1109/ICCCS57501.2023.10150487. © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
- 11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks