Malware refers to software written with malicious intent. It is virtually impossible to use a computer these days without being affected by this problem and spending significant effort to protect against the threats it presents. The speed of innovation and development of new malware continues to increase, as does the financial cost to the Internet community. The authors of this book suggest that the speed of development has rendered traditional techniques for malware detection, analysis, and protection ineffective; they propose an automated alternative.
The authors present their architecture for dynamic binary analysis of malware. Basically, the suspect program is run in a special emulator environment, and the behavior of the code is analyzed. Chapter 1 introduces the general concepts of malware, chapter 2 explains the limitations of traditional approaches and the benefits of the proposed technique, and chapter 3 expands on the architecture of the proposed solution. Chapter 4 discusses how the fine-grained behavior of code is used to detect the presence of malware, and chapter 5 describes the authors’ approach to dynamic analysis of the code. Chapter 6 looks at analysis of the triggers in the code that activate malicious behavior. The final chapter is a general summary with concluding remarks.
The work is part of the “Springer Briefs” series, aimed at presenting short (this book is less than 100 pages) synopses on various technical topics. The authors do this quite well. Each chapter ends with a chapter summary and extensive references. There is a good table of contents, but no index (although I don’t feel one is necessary). One minor irritation is the occasional grammatical error in matching singular and plural forms that closer editing could have picked up and corrected. This does not, however, detract from the technical content.
All in all, the book presents a good, concise explanation of the proposed architecture for automated detection of malware. It makes a useful little brief for quickly coming to grips with the basics of how malware works.