Abstract
The dramatically increased threats to our cyber world, such as malware attacks, are a clear signal that security must be strengthened in a more proactive way. In recent research we therefore proposed an integrated malware forensic analytics framework intended to expose future malware attacks. The framework incorporates malware collection, malware analytics and visualization of the discovered malware attacks. In this paper we present the design and implementation of the framework, focusing on the analytics and visualization components and utilizing the emerging technology of a big data platform. The implementation shows promising results in presenting descriptive analytics and in predicting future attacks using machine learning algorithms. We also demonstrate the feasibility of the Hortonworks Cybersecurity Package (HCP) in supporting the proposed framework. Finally, we discuss future work that can be investigated to improve the implementation of the framework.
Acknowledgment
This research was fully funded by the Ministry of Science, Technology and Innovation of the Malaysian Government through a DSTIN grant awarded to CyberSecurity Malaysia (CSM) in collaboration with Universiti Teknologi Malaysia (UTM).
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Chuprat, S. et al. (2019). Malware Forensic Analytics Framework Using Big Data Platform. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_19
DOI: https://doi.org/10.1007/978-3-030-02683-7_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02682-0
Online ISBN: 978-3-030-02683-7
eBook Packages: Intelligent Technologies and Robotics (R0)