Malware Analysis

Signature-based malware detection is increasingly ineffective because samples are frequently re-packed; dynamic detection in sandboxes is also problematic because of anti-research (sandbox-evasion) techniques and because the sandboxes themselves can be compromised.

We present a novel hybrid approach combining static and dynamic analysis that automates the discovery of new anti-research and malicious behaviors. Using this analysis, we both automate malware detection and provide a tool that helps security researchers identify and analyze malware.

The malware detection platform applies machine learning to the malware analysis reports and returns a decision together with a "maliciousness" score for the sample. In addition, it provides explanations and insights into the cause of suspicion, and either an affiliation score to known malware families or a novelty score indicating that the sample may belong to a new family.
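To make the shape of such a pipeline concrete, the following is an added illustrative example and not the platform's own code: a small detector that turns behaviours recorded in an analysis report into a feature vector, trains a logistic-regression scorer, reports which observed behaviours pushed the score up (the explanation), measures cosine affiliation to per-family centroids, and derives a novelty score from the best affiliation. The feature names, the training corpus and the family labels are all constructed assumptions for the example.

```python
import math

# Behaviours an analysis report might record. These names are assumptions for
# the example, not the schema of any real platform.
FEATURES = ["packed", "vm_check", "debugger_check", "sleep_evasion",
            "process_injection", "run_key_persistence", "c2_beacon", "signed_binary"]


def vectorize(report):
    """Map a report (dict of behaviour -> truthy) to a fixed-order 0/1 vector."""
    return [1.0 if report.get(f) else 0.0 for f in FEATURES]


# Constructed training corpus (not real samples): (report, label, family).
TRAIN = [
    ({"packed": 1, "vm_check": 1, "debugger_check": 1, "process_injection": 1, "c2_beacon": 1}, 1, "famA"),
    ({"packed": 1, "vm_check": 1, "sleep_evasion": 1, "process_injection": 1, "c2_beacon": 1}, 1, "famA"),
    ({"packed": 1, "run_key_persistence": 1, "c2_beacon": 1, "debugger_check": 1}, 1, "famB"),
    ({"run_key_persistence": 1, "c2_beacon": 1, "sleep_evasion": 1, "packed": 1}, 1, "famB"),
    ({"signed_binary": 1}, 0, None),
    ({"signed_binary": 1, "run_key_persistence": 1}, 0, None),
    ({"packed": 1, "signed_binary": 1}, 0, None),
    ({}, 0, None),
]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train_logreg(rows, epochs=2000, lr=0.5, l2=0.01):
    """Batch gradient descent for L2-regularised logistic regression (no deps)."""
    n = len(FEATURES)
    w, b = [0.0] * n, 0.0
    m = len(rows)
    for _ in range(epochs):
        gw, gb = [0.0] * n, 0.0
        for x, y in rows:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * (g / m + l2 * wi) for wi, g in zip(w, gw)]
        b -= lr * gb / m
    return w, b


def family_centroids(rows):
    """Mean feature vector per known family, used for affiliation and novelty."""
    acc = {}
    for x, fam in rows:
        s, c = acc.get(fam, ([0.0] * len(x), 0))
        acc[fam] = ([a + xi for a, xi in zip(s, x)], c + 1)
    return {fam: [a / c for a in s] for fam, (s, c) in acc.items()}


def cosine(a, b):
    na = math.sqrt(sum(v * v for v in a))
    nb = math.sqrt(sum(v * v for v in b))
    return 0.0 if na == 0 or nb == 0 else sum(x * y for x, y in zip(a, b)) / (na * nb)


def build_model(train=TRAIN):
    w, b = train_logreg([(vectorize(r), y) for r, y, _ in train])
    cents = family_centroids([(vectorize(r), f) for r, y, f in train if y == 1])
    return {"w": w, "b": b, "centroids": cents}


def analyze(report, model, threshold=0.5, top_k=3):
    """Score one report and return decision, explanation, family and novelty."""
    x = vectorize(report)
    contrib = {f: wi * xi for f, wi, xi in zip(FEATURES, model["w"], x)}
    score = sigmoid(sum(contrib.values()) + model["b"])
    # Explanation: the observed behaviours that raised the score the most.
    explanation = sorted(((f, c) for f, c in contrib.items() if c > 0),
                         key=lambda fc: fc[1], reverse=True)[:top_k]
    affil = {fam: cosine(x, c) for fam, c in model["centroids"].items()}
    family, best = max(affil.items(), key=lambda kv: kv[1])
    return {
        "score": score,
        "verdict": "malicious" if score >= threshold else "benign",
        "explanation": explanation,
        "family": family,
        "affiliation": best,
        "novelty": 1.0 - best,  # high when the sample resembles no known family
    }


if __name__ == "__main__":
    model = build_model()
    # Constructed report: evasion plus injection and beaconing, no code signature.
    print(analyze({"vm_check": 1, "debugger_check": 1, "sleep_evasion": 1,
                   "process_injection": 1, "run_key_persistence": 1, "c2_beacon": 1}, model))
```

The novelty score here is simply one minus the best cosine affiliation, so an empty report (no recognised behaviour at all) scores novelty 1.0 while sitting below the maliciousness threshold; a production system would gate novelty on the maliciousness decision and calibrate the threshold on held-out families.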

The result is an end-to-end automated malware analysis and detection tool that identifies malware, provides analysis information to security researchers, and integrates with existing toolsets.


Orit Edelstein, Emerging Security & Quality Technologies, IBM Research - Haifa