INTEGRATED MALWARE DETECTION AND ANALYSIS SYSTEM FOR SOC L1 ANALYSTS

Abstract

With the growing sophistication of the cyber threats, the Security Operations Center (SOC) Level 1 (L1) analysts assume a greater role in detection and mitigation of such threats. But manual processes that SOC L1 analysts are currently using to query different sources of threat intelligence, perform malware analysis and create Indicators of Compromise (IOCs) are both error-prone and labor-intensive. This thesis suggests the devising of the system of Integrated Malware Detection and Analysis which is meant to mechanize these processes and make the work of SOC L1 analysts more efficient and precise. The offered solution accelerates real-time threat intelligence aggregators with several providers like VirusTotal, AbuseIPDB, ThreatFox, etc. and returns AI-driven analysis including automatic malware detection and creation of IOCs. By connecting with Safety Information and Event Administration (SIEM) devices, such as Wazuh, the system can be used to associate threat information, automatically reacting to incidents and effectively managing cases. This saves a lot of time to respond to incidents and also chances of making mistakes. The system is expected to boost the operational efficiency of the research and apply the unified threat intelligence aggregation, machine-assisted malware analysis, and live incident responders. The study lays out how the system is designed, developed and used, with the aim to stimulate the community in terms of the potential of the system to offer proactive, efficient, and scalable solutions to the problems experienced by SOC L1 analysts in the current cybersecurity environment.