FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W1835103687> ?p ?o ?g. }

• W1835103687 endingPage "18" @default.
• W1835103687 startingPage "1" @default.
• W1835103687 abstract "In recent years, an ever-increasing number of IT security incidents have been observed, often involving malicious software. In order to cope with the threat posed, it is essential to have a structured analysis workflow for assessment and mitigation. In this paper, we give a thorough explanation of the malware analysis workflow specified and employed by our team of analysts. It was deducted from observed work patterns and best practices with a strong focus on enabling collaboration, i.e. analyses conducted by multiple analysts in parallel in order to achieve a speed-up. The proposed workflow starts at the point where one or more malware samples have already been extracted. It consists of four phases as a whole, each with its own goals, constraints, and abort conditions. The first phase aims at gaining an overview of the current situation and specifying goals of the analysis and their respective priorities. The second phase features a preliminary analysis used to sharpen the picture of the threat, using methods of Open Source Intelligence (OSINT) and automated tools in order to obtain a quick assessment enabling first mitigation. In addition, one objective is to facilitate and prepare a more granular dissection of the malware sample, e.g. by unpacking and deobfuscation. The third phase comprises an in-depth analysis relying heavily on reverse engineering of selected parts of the malware. The selection may be influenced by earlier findings or focus on prominent aspects like nesting, functionality, or communication protocols. The final phase builds upon the results of the preceding phases, leading to tailored mitigation concepts for the specimen analysed. For each of the proposed phases, we give an overview of potential key tools, e.g. helping to gain information or improve collaboration. On a higher level, we highlight challenges to cooperative analysis and our approach to handle them. In this regard, the workflow contains adoptions of principles known from agile software development methodologies. For example, Scrum is used for management of tasks and coordination, aiding the creation of a reproducible and reliable chain of results." @default.
• W1835103687 created "2016-06-24" @default.
• W1835103687 creator A5003704061 @default.
• W1835103687 creator A5012001935 @default.
• W1835103687 creator A5091875715 @default.
• W1835103687 date "2013-06-04" @default.
• W1835103687 modified "2023-09-23" @default.
• W1835103687 title "Patterns of a cooperative malware analysis workflow" @default.
• W1835103687 cites W1517055698 @default.
• W1835103687 cites W1568541228 @default.
• W1835103687 cites W1969430674 @default.
• W1835103687 cites W2024200844 @default.
• W1835103687 cites W2032843080 @default.
• W1835103687 cites W2039636434 @default.
• W1835103687 cites W2102833942 @default.
• W1835103687 cites W2116666527 @default.
• W1835103687 cites W2119251836 @default.
• W1835103687 cites W2144699258 @default.
• W1835103687 cites W2145959654 @default.
• W1835103687 cites W2156453323 @default.
• W1835103687 cites W2166863031 @default.
• W1835103687 cites W2294919332 @default.
• W1835103687 cites W765429638 @default.
• W1835103687 hasPublicationYear "2013" @default.
• W1835103687 type Work @default.
• W1835103687 sameAs 1835103687 @default.
• W1835103687 citedByCount "2" @default.
• W1835103687 countsByYear W18351036872018 @default.
• W1835103687 countsByYear W18351036872020 @default.
• W1835103687 crossrefType "proceedings-article" @default.
• W1835103687 hasAuthorship W1835103687A5003704061 @default.
• W1835103687 hasAuthorship W1835103687A5012001935 @default.
• W1835103687 hasAuthorship W1835103687A5091875715 @default.
• W1835103687 hasConcept C115903868 @default.
• W1835103687 hasConcept C120665830 @default.
• W1835103687 hasConcept C121332964 @default.
• W1835103687 hasConcept C138885662 @default.
• W1835103687 hasConcept C177212765 @default.
• W1835103687 hasConcept C185592680 @default.
• W1835103687 hasConcept C192209626 @default.
• W1835103687 hasConcept C198531522 @default.
• W1835103687 hasConcept C2522767166 @default.
• W1835103687 hasConcept C2524010 @default.
• W1835103687 hasConcept C2777256151 @default.
• W1835103687 hasConcept C2777667771 @default.
• W1835103687 hasConcept C2779395397 @default.
• W1835103687 hasConcept C28719098 @default.
• W1835103687 hasConcept C33923547 @default.
• W1835103687 hasConcept C38652104 @default.
• W1835103687 hasConcept C41008148 @default.
• W1835103687 hasConcept C41895202 @default.
• W1835103687 hasConcept C43617362 @default.
• W1835103687 hasConcept C541664917 @default.
• W1835103687 hasConcept C77088390 @default.
• W1835103687 hasConceptScore W1835103687C115903868 @default.
• W1835103687 hasConceptScore W1835103687C120665830 @default.
• W1835103687 hasConceptScore W1835103687C121332964 @default.
• W1835103687 hasConceptScore W1835103687C138885662 @default.
• W1835103687 hasConceptScore W1835103687C177212765 @default.
• W1835103687 hasConceptScore W1835103687C185592680 @default.
• W1835103687 hasConceptScore W1835103687C192209626 @default.
• W1835103687 hasConceptScore W1835103687C198531522 @default.
• W1835103687 hasConceptScore W1835103687C2522767166 @default.
• W1835103687 hasConceptScore W1835103687C2524010 @default.
• W1835103687 hasConceptScore W1835103687C2777256151 @default.
• W1835103687 hasConceptScore W1835103687C2777667771 @default.
• W1835103687 hasConceptScore W1835103687C2779395397 @default.
• W1835103687 hasConceptScore W1835103687C28719098 @default.
• W1835103687 hasConceptScore W1835103687C33923547 @default.
• W1835103687 hasConceptScore W1835103687C38652104 @default.
• W1835103687 hasConceptScore W1835103687C41008148 @default.
• W1835103687 hasConceptScore W1835103687C41895202 @default.
• W1835103687 hasConceptScore W1835103687C43617362 @default.
• W1835103687 hasConceptScore W1835103687C541664917 @default.
• W1835103687 hasConceptScore W1835103687C77088390 @default.
• W1835103687 hasOpenAccess W1835103687 @default.
• W1835103687 hasRelatedWork W146122600 @default.
• W1835103687 hasRelatedWork W1487575185 @default.
• W1835103687 hasRelatedWork W1550797871 @default.
• W1835103687 hasRelatedWork W173810287 @default.
• W1835103687 hasRelatedWork W177472682 @default.
• W1835103687 hasRelatedWork W2006862253 @default.
• W1835103687 hasRelatedWork W2055912344 @default.
• W1835103687 hasRelatedWork W2183176229 @default.
• W1835103687 hasRelatedWork W2185038246 @default.
• W1835103687 hasRelatedWork W22792996 @default.
• W1835103687 hasRelatedWork W2343251505 @default.
• W1835103687 hasRelatedWork W2395415541 @default.
• W1835103687 hasRelatedWork W2473791151 @default.
• W1835103687 hasRelatedWork W2494209491 @default.
• W1835103687 hasRelatedWork W2532184606 @default.
• W1835103687 hasRelatedWork W2891937327 @default.
• W1835103687 hasRelatedWork W3045710167 @default.
• W1835103687 hasRelatedWork W3106666180 @default.
• W1835103687 hasRelatedWork W3108972632 @default.
• W1835103687 hasRelatedWork W3208719963 @default.
• W1835103687 isParatext "false" @default.
• W1835103687 isRetracted "false" @default.

• next