SCARECROW: Scalable Malware Reporting, Detection and Analysis

1 Osamah L. Barakat, 2 S. J. Hashim, 2 R.S.A., 2 Abdul Rahman Ramli, 2 Fazirulhisyam Hashim, 2 Khairulmizam Samsudin, 3 Ibrahim Ahmed Al-baltah, 2 Mohammed Mustafa Al-Habshi

*1 Faculty of Computer and Information Technology, Sana'a University, o.barakat@su.edu.ye
2 Faculty of Engineering, Universiti Putra Malaysia, sjh@upm.edu.my
3 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, abou_amel@yahoo.com

Abstract

Malware is the main computer security threat that can cause damage to users' devices and companies' infrastructure. End users who want to download executable files from the Internet are currently presented with a binary choice (OK or Cancel), but there is no viable third alternative for uncertainty (Not Sure). Reporting an executable file to a security agency or company for a status inquiry normally lacks efficiency in terms of reporting back to the user in a timely manner. As a consequence, developing a more efficient approach that provides a prompt response to users on reported suspicious files is important in order to encourage more end-user engagement in malware reporting, thus ultimately reducing the number of unknown malware samples in the wild. This study proposes a new automatic and scalable malware analyzer that is able to quickly scrutinize each submitted file and help generate a report for each malware sample detected. The implementation of the approach includes both the client (the user's system) and the backend processing (the security agency). The client side provides a user-friendly and integrated reporting mechanism. The backend is based on both static and dynamic analysis for comprehensive malware detection and profiling. The backend utilizes cloud computing infrastructure to scale, speed up and automate the overall analysis and feedback processes.
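The abstract describes a two-sided design: a client that offers a "Not Sure" choice and submits the file, and a backend that caches verdicts, runs static and dynamic analysis, and scales out on cloud workers. The following is an added illustration of that flow and is not the paper's code. It implements only the static part of the backend (SHA-256, PE header validation, and a scan for well-known Windows API names that analysts commonly review) and stands in for cloud scale-out with a local thread pool; every class, function and constant here (`Backend`, `Client`, `static_analysis`, `NOTABLE_STRINGS`, `build_fake_pe`) is a hypothetical name chosen for this example, and the sample executable is constructed inline.

```python
# Added example (not from the paper): a minimal SCARECROW-style client/backend
# pair. The client hashes a downloaded file, asks the backend for a cached
# verdict, and on "not_sure" submits the bytes; the backend runs a static pass
# and returns a structured report. A thread pool stands in for cloud workers.
import hashlib
import re
import struct
from concurrent.futures import Future, ThreadPoolExecutor
from typing import Dict, List, Optional

# Constructed list of strings an analyst would want flagged for review
# (well-known process-injection/download APIs and URL prefixes). A hit is a
# triage hint for the human report, not a verdict on its own.
NOTABLE_STRINGS = [
    b"CreateRemoteThread", b"VirtualAllocEx", b"WriteProcessMemory",
    b"URLDownloadToFile", b"http://", b"https://",
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_pe(data: bytes) -> bool:
    """True if the bytes carry an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def printable_strings(data: bytes, min_len: int = 6) -> List[bytes]:
    """Runs of printable ASCII, the classic 'strings' pass of static analysis."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def static_analysis(data: bytes) -> Dict:
    strings = printable_strings(data)
    hits = sorted({s.decode() for s in NOTABLE_STRINGS if any(s in x for x in strings)})
    return {"sha256": sha256_hex(data), "size": len(data),
            "is_pe": is_pe(data), "notable_strings": hits}


class Backend:
    """Security-agency side: verdict cache plus a pool of analysis workers."""

    def __init__(self, workers: int = 4):
        self.reports: Dict[str, Dict] = {}
        self.pool = ThreadPoolExecutor(max_workers=workers)

    def lookup(self, sha256: str) -> Optional[Dict]:
        return self.reports.get(sha256)

    def submit(self, data: bytes) -> Future:
        """Queue a sample; the client receives a future instead of blocking."""
        return self.pool.submit(self._analyze, data)

    def _analyze(self, data: bytes) -> Dict:
        report = static_analysis(data)
        # Simple triage rule: a PE carrying injection/download API names is
        # "suspicious"; otherwise "clean-static" (dynamic analysis would refine).
        report["verdict"] = ("suspicious" if report["is_pe"] and report["notable_strings"]
                             else "clean-static")
        self.reports[report["sha256"]] = report  # cache for later lookups
        return report


class Client:
    """User side: 'not_sure' reports the file instead of forcing OK/Cancel."""

    def __init__(self, backend: Backend):
        self.backend = backend

    def check_download(self, data: bytes, user_choice: str) -> Dict:
        cached = self.backend.lookup(sha256_hex(data))
        if cached is not None:
            return {"action": "cached", "report": cached}
        if user_choice != "not_sure":
            return {"action": user_choice, "report": None}
        report = self.backend.submit(data).result(timeout=30)
        return {"action": "reported", "report": report}


def build_fake_pe(payload: bytes) -> bytes:
    """Constructed sample: a minimal MZ/PE shell around arbitrary payload bytes."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> right after the stub
    return bytes(header) + b"PE\0\0" + payload


if __name__ == "__main__":
    backend = Backend()
    client = Client(backend)
    sample = build_fake_pe(b"\0" * 16 + b"kernel32.dll CreateRemoteThread WriteProcessMemory " + b"\0" * 8)
    print(client.check_download(sample, "not_sure"))  # analyzed and reported
    print(client.check_download(sample, "ok"))        # answered from the cache
```

The cache lookup before any analysis is what keeps the "timely response" promise for files the agency has already seen; only genuinely unknown hashes cost a worker slot.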
The system provides a win-win situation for both the end user and the security agency by creating a sustainable and successful symbiotic anti-malware ecosystem.

Keywords: Malware, Malware analysis, Virtual machines, Cloud computing, Scalability

1. Introduction

Nowadays, cloud computing has emerged as one of the leading Information Technology (IT) paradigms [1], [2]. As with any expanding IT technology, this comes with many advantages such as scalability, power efficiency, and effective resource management [3]. Furthermore, one of the essential advantages of cloud computing is outsourcing, meaning that intensive operations are moved from desktops to more powerful machines, which provides major improvements in performance.

The last two decades have witnessed accelerating yet paced Internet-based applications, from peer-to-peer to social networking. At the same time, the availability of the Internet has seen the global proliferation of malicious software such as trojans, viruses and worms. The Internet has become a suitable environment for the proliferation of application software, which includes both the useful and the dangerous. Thus, computer and mobile device maintenance requires protection from malware. For example, according to a report [4], there were 5.5 billion attacks blocked in 2011 compared to only 3 billion attacks in 2010. New malware is now introduced on a daily basis. Unfortunately, the popularity of peer-to-peer networking and social networking accelerates its distribution, because users share programs or executable files that can be malicious if installed on their computers and mobile devices [5]. Alerting users to malware before the executable file is downloaded is more desirable than ever to prevent security incidents. This is not an easy task since introducing knowledge of submitted

Journal of Convergence Information Technology (JCIT), Volume 8, Number 14, September 2013