Comparative Review of Malware Analysis Methodologies
It addresses the need for effective methodologies in malware analysis, which is crucial for cybersecurity professionals, but is incremental as it builds on existing frameworks.
This paper compares two existing malware analysis methodologies, SAMA and MARE, by applying them to a modern malware specimen to assess their adequacy and identify potential procedural optimizations.
To fight against the evolution of malware and its development, the specific methodologies that are applied by the malware analysts are crucial. Yet, this is something often overlooked in the relevant bibliography or in the formal and informal training of the relevant professionals. There are only two generic and all-encompassing structured methodologies for Malware Analysis (MA) - SAMA and MARE. The question is whether they are adequate and there is no need for another one or whether there is no such need at all. This paper will try to answer the above and it will contribute in the following ways: it will present, compare and dissect those two malware analysis methodologies, it will present their capacity for analysing modern malware by applying them on a random modern specimen and finally, it will conclude on whether there is a procedural optimization for malware analysis over the evolution of these two methodologies.