
The Design And Implementation Of Malware Analysis System

Posted on: 2016-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhao
Full Text: PDF
GTID: 2308330503977882
Subject: Computer application technology
Abstract/Summary:
The goal of malware analysis is to collect the information needed for emergency response. First of all, host-based and network-based signatures are created to meet the requirements of signature-based detection techniques. Recently, advanced network penetration techniques, such as the Advanced Persistent Threat, have become more and more prevalent, so malware analysis now aims to collect information not only for emergency response but also for security situation assessment.

Firstly, this paper introduces several kinds of malware analysis methods and analyzes their advantages and disadvantages. Then it introduces the current research status and the shortcomings of existing work. After that, this paper presents the main research objectives. It provides a malware analysis system with which users can analyze malware code and files.

Secondly, this paper introduces three open source malware analysis systems, together with the function modules and key issues of the system. The functional structure of the malware analysis system is designed based on the requirements, and the functional modules of the system are presented. This paper introduces each of the modules involved: the malware analysis module, the communication objects analysis module and the communication characteristic analysis module.

Thirdly, the paper creates an IP blacklist based on the results of the experiment and extracts the network characteristics of the experiment samples.

Finally, based on the function design, this paper implements the malware analysis system, which supports network activity analysis. The key technologies of the analysis system are task scheduling, data management and report file management. Then this paper tests the function and user interface of the malware analysis system using samples from VirusShare. According to the results of the experiment, the system is usable and effective.
Keywords/Search Tags: Malware Analysis, Botnet, IRC, HTTP, SMTP, Honeypot