Abstract:
With the growing sophistication of cyber threats, Security Operations Center (SOC) Level 1 (L1) analysts take on a greater role in detecting and mitigating them. However, the manual processes SOC L1 analysts currently use to query different threat intelligence sources, perform malware analysis and create Indicators of Compromise (IOCs) are both error-prone and labor-intensive. This thesis proposes an Integrated Malware Detection and Analysis system intended to automate these processes and make the work of SOC L1 analysts more efficient and accurate.
The proposed solution aggregates real-time threat intelligence from several providers, such as VirusTotal, AbuseIPDB and ThreatFox, and returns AI-driven analysis that includes automatic malware detection and IOC creation. By integrating with Security Information and Event Management (SIEM) tools such as Wazuh, the system can correlate threat information, respond to incidents automatically and manage cases effectively. This substantially reduces incident response time and the likelihood of analyst error.
The system is expected to improve operational efficiency by combining unified threat intelligence aggregation, machine-assisted malware analysis and real-time incident response. The study describes how the system is designed, developed and used, with the aim of demonstrating to the community its potential to offer proactive, efficient and scalable solutions to the problems SOC L1 analysts face in the current cybersecurity environment.
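As an added illustration of the multi-provider aggregation and IOC creation the abstract describes (this is example code written for this page, not the thesis's own implementation), the block below normalizes per-provider answers for one indicator into a single score, assigns a verdict, and renders the resulting IOC as a Wazuh CDB list entry. The provider response shapes, weights, thresholds and the sample IP are constructed assumptions, not the real VirusTotal, AbuseIPDB or ThreatFox API schemas.

```python
"""Aggregate per-provider verdicts for one indicator into a single IOC record.
Provider response shapes here are simplified, constructed stand-ins and are
NOT the real VirusTotal / AbuseIPDB / ThreatFox API schemas."""
from datetime import datetime, timezone

# Constructed sample responses for the documentation address 203.0.113.10.
SAMPLE = {
    "virustotal": {"malicious": 12, "harmless": 55, "undetected": 5},  # engine counts
    "abuseipdb": {"abuseConfidenceScore": 85, "totalReports": 12},     # 0..100 scale
    "threatfox": {"match": True, "malware": "placeholder-family"},     # listed or not
}
# Assumed relative trust per provider; tune to the SOC's own experience.
WEIGHTS = {"virustotal": 0.4, "abuseipdb": 0.3, "threatfox": 0.3}

def normalize(provider, resp):
    """Map one provider's response onto a 0..1 malicious score (None if unusable)."""
    if provider == "virustotal":
        total = sum(resp.values())
        return resp["malicious"] / total if total else None
    if provider == "abuseipdb":
        return resp["abuseConfidenceScore"] / 100
    if provider == "threatfox":
        return 1.0 if resp.get("match") else 0.0
    return None  # unknown provider: ignored rather than guessed

def aggregate(indicator, responses, ioc_type="ip"):
    """Weighted mean over the providers that answered; verdict by fixed thresholds.
    Providers that returned nothing usable are dropped and the weights renormalized,
    so a partial outage lowers confidence instead of silently skewing the score."""
    scored = {p: s for p, s in ((p, normalize(p, r)) for p, r in responses.items())
              if s is not None and p in WEIGHTS}
    if not scored:
        return {"type": ioc_type, "value": indicator, "verdict": "unknown",
                "score": None, "sources": []}
    weight = sum(WEIGHTS[p] for p in scored)
    score = sum(WEIGHTS[p] * s for p, s in scored.items()) / weight
    verdict = "malicious" if score >= 0.6 else "suspicious" if score >= 0.3 else "benign"
    return {"type": ioc_type, "value": indicator, "verdict": verdict,
            "score": round(score, 3), "sources": sorted(scored),
            "created": datetime.now(timezone.utc).isoformat()}

def to_cdb_line(ioc):
    """Render the IOC as a Wazuh CDB list entry (key:value) for rule matching."""
    return f"{ioc['value']}:{ioc['verdict']}"

if __name__ == "__main__":
    ioc = aggregate("203.0.113.10", SAMPLE)
    print(ioc)
    print(to_cdb_line(ioc))
```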