
Malware Forensic Analytics Framework Using Big Data Platform

  • Conference paper
Proceedings of the Future Technologies Conference (FTC) 2018 (FTC 2018)

Abstract

The dramatic increase in threats such as malware attacks against our cyber world is a clear signal that security must be strengthened in a more proactive way. In earlier research we therefore proposed an integrated malware forensic analytics framework intended to expose future malware threats. The framework comprises malware collection, malware analytics and visualization of the discovered attacks. In this paper we present the design and implementation of the framework, focusing on the analytics and visualization components and building on an emerging big data platform. The implementation shows promising results in producing descriptive analytics and in predicting future attacks with machine learning algorithms. We also demonstrate the feasibility of the Hortonworks Cybersecurity Package (HCP) as a platform for the proposed framework. Finally, we discuss future work that could further improve the implementation of the framework.
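To make the analytics stage concrete, the following Python script is an added example written for this page; it is not the authors' implementation and does not use HCP or any Hadoop component. It ingests constructed collector output (JSON lines; the field names ts, sha256, family and src_ip are assumptions for the example, not the paper's schema), computes descriptive statistics of the kind a malware forensic dashboard reports (daily volume, family distribution, sources that keep coming back), and extrapolates a one-day-ahead sample count with a least-squares trend as a simple stand-in for the machine learning predictor the abstract mentions without specifying.

```python
"""Added illustration of a malware-collection analytics step.

Not the paper's code: record format, field names and sample data are
constructed for this example, and the forecast is a plain linear trend,
not the authors' machine learning model.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed collector output, one JSON object per captured sample.
# The last line is deliberately malformed to exercise the reject path.
SAMPLE_RECORDS = """\
{"ts": "2018-01-01T03:14:00Z", "sha256": "a1", "family": "Mirai",  "src_ip": "203.0.113.5"}
{"ts": "2018-01-01T09:02:00Z", "sha256": "a2", "family": "Mirai",  "src_ip": "203.0.113.9"}
{"ts": "2018-01-02T11:45:00Z", "sha256": "b1", "family": "Emotet", "src_ip": "198.51.100.7"}
{"ts": "2018-01-02T12:00:00Z", "sha256": "a1", "family": "Mirai",  "src_ip": "203.0.113.5"}
{"ts": "2018-01-02T23:59:00Z", "sha256": "c1", "family": "Gafgyt", "src_ip": "192.0.2.44"}
{"ts": "2018-01-03T01:10:00Z", "sha256": "a3", "family": "Mirai",  "src_ip": "203.0.113.5"}
{"ts": "2018-01-03T05:30:00Z", "sha256": "b1", "family": "Emotet", "src_ip": "198.51.100.7"}
{"ts": "2018-01-03T16:20:00Z", "sha256": "c2", "family": "Gafgyt", "src_ip": "192.0.2.44"}
{"ts": "not-a-timestamp",      "sha256": "zz", "family": "Mirai",  "src_ip": "203.0.113.1"}
"""


def parse_records(text):
    """Parse JSON-lines collector output into dicts with a parsed `day`.

    Returns (records, rejected_count). Malformed JSON, missing fields or
    unparseable timestamps are counted and dropped rather than silently
    kept, so the analyst can see how much evidence was excluded.
    """
    records, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            rec["day"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").date()
        except (ValueError, KeyError, TypeError):
            rejected += 1
            continue
        records.append(rec)
    return records, rejected


def descriptive(records):
    """Descriptive analytics over parsed records.

    per_day:            sorted (date, sample_count) pairs
    top_families:       families ordered by frequency
    unique_hashes:      distinct binaries (repeat captures collapse)
    persistent_sources: source IPs seen on two or more distinct days
    """
    per_day = Counter(r["day"] for r in records)
    families = Counter(r["family"] for r in records)
    days_by_src = defaultdict(set)
    for r in records:
        days_by_src[r["src_ip"]].add(r["day"])
    persistent = sorted(ip for ip, days in days_by_src.items() if len(days) >= 2)
    return {
        "per_day": sorted(per_day.items()),
        "top_families": families.most_common(),
        "unique_hashes": len({r["sha256"] for r in records}),
        "persistent_sources": persistent,
    }


def forecast_next_day(counts):
    """Least-squares linear trend over the daily series, extrapolated one day.

    Day i is x = i; the forecast is the fitted line evaluated at x = len(counts).
    Negative extrapolations are clamped to zero since counts cannot go below it.
    """
    n = len(counts)
    if n < 2:
        raise ValueError("need at least two days of history")
    xs = range(n)
    x_mean = (n - 1) / 2
    y_mean = sum(counts) / n
    sxx = sum((x - x_mean) ** 2 for x in xs)
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, counts))
    slope = sxy / sxx
    intercept = y_mean - slope * x_mean
    return max(0.0, intercept + slope * n)


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE_RECORDS)
    stats = descriptive(recs)
    print(f"parsed {len(recs)} records, rejected {bad}")
    for day, count in stats["per_day"]:
        print(f"  {day}: {count} samples")
    print("families:", stats["top_families"])
    print("unique binaries:", stats["unique_hashes"])
    print("persistent sources:", stats["persistent_sources"])
    daily = [c for _, c in stats["per_day"]]
    print(f"trend forecast for next day: {forecast_next_day(daily):.2f}")
```

Two design points matter for forensic use. Rejected records are counted rather than silently discarded, because an analytics result that hides how much collected evidence it ignored cannot be trusted in a report. And the persistent-source list is a cheap descriptive signal (the same source returning across days) that is often more actionable for blocking than the forecast; a three-point linear extrapolation is shown only to make the predict step concrete and should not be read as the model the paper evaluated.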



Acknowledgment

This research was fully funded by the Ministry of Science, Technology and Innovation of the Malaysian Government through a DSTIN grant awarded to CyberSecurity Malaysia (CSM) in collaboration with Universiti Teknologi Malaysia (UTM).

Author information

Corresponding author: Suriayati Chuprat.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Chuprat, S. et al. (2019). Malware Forensic Analytics Framework Using Big Data Platform. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_19
