Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform

Ahmed Elmesiry, Mirela Sertovic, Mamoun Qasem

    Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review


    The rising cyber threat puts organizations and ordinary users at risk of data breaches. In many cases, Early detection can hinder the occurrence of these incidents or even prevent a full compromise of all internal systems. The existing security controls such as firewalls and intrusion prevention systems are constantly blocking numerous intrusions attempts that happen on a daily basis. However, new situations may arise where these security controls are not sufficient to provide full protection. There is a necessity to establish a threat hunting methodology that can assist investigators and members of the incident response team to analyse malicious binaries quickly and efficiently. The methodology proposed in this research is able to distinguish malicious binaries from benign binaries using a quick and efficient methodology. The proposed methodology consists of static and dynamic hunting techniques. Using these hunting techniques, the proposed methodology is not only capable of identifying a range of signature-based anomalies but also to pinpoint behavioural anomalies that arise in the operating system when malicious binaries are triggered. Static hunting can describe any extracted artifacts as malicious depending on a set of pre-defined patterns of malicious software. Dynamic hunting can assist investigators in finding behavioural anomalies. This work focuses on applying the proposed threat hunting methodology on samples of malicious binaries, which can be found in common malware repositories and presenting the results
    Original languageEnglish
    Title of host publicationLecture Notes in Computer Science
    EditorsHakim Hacid, Fatma Outay, Hye-young Paik, Amira Alloum, Marinella Petrocchi, Mohamed Reda Bouadjenek, Amin Beheshti, Xumin Liu, Abderrahmane Maaradji
    Place of PublicationService-Oriented Computing – ICSOC 2020 Workshops
    Number of pages15
    ISBN (Electronic)978-3-030-76352-7
    ISBN (Print)978-3-030-76351-0
    Publication statusPublished - 30 May 2021

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume12632 LNCS
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    • Malicious Binaries
    • Malware
    • Threat Hunting
    • Digital Investigations


    Dive into the research topics of 'Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform'. Together they form a unique fingerprint.

    Cite this