Malware analysis environment with the use of Elastic Stack
Author
Wang, Songshuo
Term
4th semester
Education
Publication year
2024
Pages
56
Abstract
As malicious software (malware) increasingly hides its activity through evasion and obfuscation, the standard dynamic analysis method—sandboxing (running code in an isolated environment)—can become time-consuming for certain threats. This thesis explores a different approach: using the Elastic Stack for dynamic malware analysis. The Elastic Stack (Elasticsearch, Kibana, and integrations) is used to collect and visualize data. We install and run Elasticsearch, Kibana, and relevant integrations, then execute real malware samples to gather data, and finally use Kibana’s visual interface to examine the behavior in depth. The thesis summarizes methods and examples for determining malware behavior and provides detailed, step-by-step guidance for analysis with the Elastic Stack.
[This abstract has been rewritten with the help of AI based on the project's original abstract]
Keywords
