Title:
Understanding Malware Analysts' Workflows to Narrow the Gap Between Research and Practice

Author(s)
Yong Wong, Miuyin M.
Advisor(s)
Ahamad, Mustaque
Associated Organization(s)
School of Computer Science
Abstract
Malicious software, or malware, presents a serious cybersecurity challenge, threatening individuals, organizations, and nation-states. To combat and prevent attacks launched with malware, it is essential to understand the malware's intent and its impact on targeted systems. This process is usually referred to as malware analysis. Over the years, there have been significant research advances in automating the process of malware analysis. Despite these advances, human analysts still play an indispensable role in keeping defenses against malware current and effective. Unfortunately, the manual analysis process used by analysts in practice remains unexplored. To help address this gap, this thesis explores a human-centric approach to malware analysis. I begin by presenting the findings from a user study with malware analysts in practice. This study allowed us to define a taxonomy of malware analysts' objectives, identify five common analysis workflows, and highlight common challenges faced by these analysts. Next, I present the results of a comparative analysis that contrasts the findings from a systematic mapping of malware evasion countermeasures with insights gained from a user study on malware evasion. This comparison reveals several gaps between the real challenges faced by malware experts dealing with evasive malware and the focus of research solutions, and it highlights future research directions that can help analysts overcome challenging evasion techniques. Lastly, I demonstrate the potential of Large Language Models (LLMs), used with a human-in-the-loop approach, to help analysts overcome some of the identified challenges that arise from evasion tactics. Malware analysis remains a serious challenge despite decades of research and tool development. It is hoped that the insights offered by this thesis help researchers develop tools and techniques that reduce analyst burden and help us build defenses against malware in a more timely manner.
Date Issued
2024-12-08
Resource Type
Text
Resource Subtype
Dissertation