Abstract

Malware overview reports are valuable for understanding threat behavior and developing proper countermeasures. Currently, most such studies focus on either fine-grained, individual-sample analysis or coarse-grained landscapes. Only the first allows professionals to handle specific security breaches; only the second allows the threat scenario to be understood as a whole. We claim that a complete security treatment is only possible when both approaches are combined. Therefore, this work presents an analysis of a large malware dataset, showing the distinctions between coarse-grained and fine-grained analysis results. It presents a general threat scenario based on the coarse-grained results and details the fine-grained results to identify particular malicious constructions, so that incident response to future threats can be anticipated.

Highlights

  • Malware is a constant threat to modern computer systems

  • Most current malware analysis research is presented in two forms: i) a coarse-grained overview, highlighting only major aspects and discarding sample details; ii) a fine-grained, sample-specific view, focusing on implementation details but not stating the risk such a sample poses in the overall scenario

  • Samples were presented as a mix of executables and DLLs, relying on native system functions, with background activity and little system interaction

Introduction

To counter such threats, analysis procedures are employed that allow vaccine development and remediation and that enable forensic procedures. Most current malware analysis research takes one of two forms: i) a coarse-grained overview, highlighting only major aspects and discarding sample details; ii) a fine-grained, sample-specific view, focusing on implementation details but not stating the risk such a sample poses in the overall scenario. These approaches are complementary, and a security analysis must consider both to provide a complete understanding of a threat. This work compares both approaches to highlight their differences and show how they can be integrated.
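The coarse-grained versus fine-grained distinction described above, and the highlight about executables, DLLs and native system functions, can be made concrete with a small triage script. The following is an added example, not code or data from the paper: it reads the `IMAGE_FILE_HEADER.Characteristics` word of each sample to tell EXE from DLL, uses a heuristic (an assumption, not the paper's method) that printable strings prefixed `Nt`/`Zw` indicate ntdll native-API usage, and then reports the same samples both as a landscape (counts only) and per sample (which symbols). The "dataset" is constructed in memory from stub PE headers; only the DOS/PE headers are realistic, and the trailing string blob stands in for an import table.

```python
"""Coarse- vs fine-grained triage of PE samples (added example, not the paper's code)."""
import re
import struct
from collections import Counter
from dataclasses import dataclass, field

IMAGE_FILE_DLL = 0x2000          # IMAGE_FILE_HEADER.Characteristics flag
NATIVE_PREFIXES = ("Nt", "Zw")   # ntdll native-API naming convention (assumed heuristic)
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")


@dataclass
class SampleFeatures:
    name: str
    kind: str                                  # "EXE", "DLL" or "not-pe"
    native_symbols: list = field(default_factory=list)

    @property
    def uses_native_api(self) -> bool:
        return bool(self.native_symbols)


def pe_characteristics(data: bytes):
    """Return IMAGE_FILE_HEADER.Characteristics, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # "PE\0\0" (4 bytes) + IMAGE_FILE_HEADER (20 bytes); Characteristics is its last WORD
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 22)[0]


def native_symbols(data: bytes) -> list:
    """Heuristic: printable strings that look like ntdll exports (NtXxx / ZwXxx)."""
    found = set()
    for run in _ASCII_RUN.findall(data):
        s = run.decode("ascii")
        if s.startswith(NATIVE_PREFIXES) and s[2].isupper():
            found.add(s)
    return sorted(found)


def analyze(name: str, data: bytes) -> SampleFeatures:
    """Fine-grained view: one record per sample, with the actual symbols seen."""
    chars = pe_characteristics(data)
    if chars is None:
        return SampleFeatures(name, "not-pe")
    kind = "DLL" if chars & IMAGE_FILE_DLL else "EXE"
    return SampleFeatures(name, kind, native_symbols(data))


def coarse_summary(features) -> dict:
    """Coarse-grained view: landscape counts only, per-sample detail discarded."""
    kinds = Counter(f.kind for f in features)
    return {
        "total": len(features),
        "exe": kinds["EXE"],
        "dll": kinds["DLL"],
        "native_api_users": sum(f.uses_native_api for f in features),
    }


def build_stub_pe(is_dll: bool, strings=()) -> bytes:
    """Constructed input: minimal MZ/PE headers followed by a NUL-separated string blob."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # EXECUTABLE_IMAGE | 32BIT_MACHINE, plus the DLL flag when requested
    characteristics = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)
    file_header = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, characteristics)
    return dos + b"PE\0\0" + file_header + b"\0".join(strings)


# Constructed "dataset"; names and contents are illustrative only.
DATASET = {
    "sample_a.exe": build_stub_pe(False, [b"kernel32.dll", b"CreateFileA",
                                          b"ntdll.dll", b"NtQuerySystemInformation"]),
    "sample_b.dll": build_stub_pe(True, [b"ntdll.dll", b"ZwAllocateVirtualMemory",
                                         b"NtWriteVirtualMemory"]),
    "sample_c.exe": build_stub_pe(False, [b"user32.dll", b"MessageBoxA"]),
    "not_a_pe.bin": b"#!/bin/sh\necho NtNotReally\n",
}


def run(dataset=DATASET):
    feats = [analyze(name, data) for name, data in dataset.items()]
    return coarse_summary(feats), feats


if __name__ == "__main__":
    summary, feats = run()
    print("coarse:", summary)
    for f in feats:
        print(f"fine:   {f.name:14} {f.kind:7} native={f.native_symbols}")
```

The coarse summary is what a landscape report would print (how many DLLs, how many native-API users); the per-sample records are what an incident responder needs to know which construction to look for. Both come from the same pass over the data, which is the integration the text argues for.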
