Malware writers have employed various obfuscation and polymorphism techniques to thwart static analysis approaches and bypass antivirus tools. Dynamic analysis techniques, however, have essentially overcome these deceits by observing the actual behaviour of the code during execution. In this regard, various methods, techniques and tools have been proposed. However, because of the diverse concepts and strategies used in the implementation of these methods and tools, security researchers and malware analysts find it difficult to select the optimum tool to investigate the behaviour of a malware sample and to contain the associated risk for their study. Focusing on two dynamic analysis techniques, Function Call Monitoring and Information Flow Tracking, this paper presents a comparison framework for dynamic malware analysis tools. The framework will assist researchers and analysts in recognizing each tool's implementation strategy, analysis approach, system-wide analysis support and overall handling of binaries, helping them to select a suitable and effective tool for their study and analysis.