Malware Detection on Local Network based on Honeypot and Yara

Nur Rohman Rosyid, Budi Bayu Murti, Brama Prayudha, Arul Ferian Ramadloni, Lukman Subekti
Jurnal Sistem Informasi, journal article, published 2023-01-31. DOI: https://doi.org/10.32520/stmsi.v12i1.2432
Citation count: 0

Abstract

Malware threats have never subsided; the trend shows an increase and growing variety along with the development of hardware and software technology. End users may not realize that their machine has been compromised by malware. The anti-malware mechanism may not be working properly, for example because the anti-virus is not updated or a zero-day attack is in progress. Therefore, it is necessary to detect the presence of malware on end-system devices, or the existence of a zero-day attack, in the local network. A honeypot implemented as a security sensor that collects malware attack data in the form of malware files and malware hashes can supply signatures for scanning and detecting malware. This research utilizes a honeypot as a security sensor to catch malware. The malware hashes from the honeypot are used to scan for and detect the presence of malware on end systems in a local network, such as a PC or server. Furthermore, Yara helps clarify the type of malware found by scanning the suspected files. The results of scanning and detecting malware with Yara are reported to the appropriate authorities via Telegram application channels. This research contributes by providing early warning of potential security threats to the network and by collecting the hash codes of malware recently attacking the network.

Keywords: Honeypot, Malware, Yara, Proactive Security
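The scan step described in the abstract, written as an added example (not the paper's own code): a honeypot-supplied SHA-256 set is used as the signature list for scanning a local directory, and the same hashes are emitted as a YARA rule using YARA's `hash` module so the finding can be re-checked with the Yara classification step. The sample bytes, file names and rule name are constructed for the example; the Telegram reporting step of the paper is not included.

```python
# Added example (not the paper's code): honeypot hashes as scan signatures + YARA rule output.
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for a sample the honeypot captured; its hash is the signature.
HONEYPOT_SAMPLE = b"MZ-constructed-fake-malware-body-not-a-real-binary"
HONEYPOT_HASHES = {hashlib.sha256(HONEYPOT_SAMPLE).hexdigest()}

def sha256_of_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan_directory(root: Path, known_hashes: set) -> list:
    """One finding per file whose SHA-256 is in the honeypot hash set.
    Exact-hash matching misses repacked variants, which is why the paper
    layers Yara rules on top of it."""
    findings = []
    for path in root.rglob("*"):
        if path.is_file():
            digest = sha256_of_file(path)
            if digest in known_hashes:
                findings.append({"path": str(path), "sha256": digest})
    return findings

def yara_rule_from_hashes(name: str, hashes: set) -> str:
    """Emit a YARA rule matching the same hashes via YARA's hash module."""
    conds = " or\n        ".join(
        f'hash.sha256(0, filesize) == "{h}"' for h in sorted(hashes))
    return ('import "hash"\n\nrule ' + name + '\n{\n    meta:\n'
            '        source = "honeypot"\n    condition:\n        '
            + conds + '\n}\n')

def demo() -> list:
    """Scratch directory with one benign file and one honeypot-known file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notes.txt").write_bytes(b"harmless text")
        (root / "dropped.bin").write_bytes(HONEYPOT_SAMPLE)
        return scan_directory(root, HONEYPOT_HASHES)

if __name__ == "__main__":
    print(demo())
    print(yara_rule_from_hashes("honeypot_sha256_matches", HONEYPOT_HASHES))
```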