Title
Cuckoo’s Malware Threat Scoring and Classification: Friend or Foe?
Abstract
Malware threat classification involves understanding the behavior of the malicious software and how it affects a victim host system. Classifying threats allows for measured response appropriate to the risk involved. Malware incident response depends on many automated tools for the classification of threat to help identify the appropriate reaction to a threat alert. Cuckoo Sandbox is one such tool which can be used for automated analysis of malware and one method of threat classification provided is a threat score. A security analyst might submit a suspicious file to Cuckoo for analysis to determine whether or not the file contains malware or performs potentially malicious behavior on a system. Cuckoo is capable of producing a report of this behavior and ranks the severity of the observed actions as a score from one to ten, with ten being the most severe. As such, a malware sample classified as an 8 would likely take priority over a sample classified as a 3. Unfortunately, this scoring classification can be misleading due to the underlying methodology of severity classification. In this paper we demonstrate why the current methodology of threat scoring is flawed and therefore we believe it can be improved with greater emphasis on analyzing the behavior of the malware. This allows for a threat classification rating which scales with the risk involved in the malware behavior.
Year: 2019
DOI: 10.1109/CCWC.2019.8666454
Venue: 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC)
Keywords: Malware, Virtual machining, Microsoft Windows, Tools, Information security
Field: Sandbox (computer security), Microsoft Windows, Incident response, Computer security, Cuckoo, Computer science, Information security, Malware, Virtual machining
DocType: Conference
ISBN: 978-1-7281-0554-3
Citations: 1
PageRank: 0.43
References: 0
Authors: 3
Authors (Name / Order / Citations / PageRank):
Aaron Walker121.88
M. Faisal Amjad2218.90
Shamik Sengupta348353.08