Aiming for more efficient malware analysis and improved security-related services through solving challenges
Hitachi and the National Institute of Information and Communications Technology (NICT), through interviews of malware*1 analysts, have carried out an investigation of communication challenges faced in their analysis team roles and in collaboration inside and outside the team, and have recommended some of measures for strengthening collaboration. Incorporating the perspective of usable security*2 focused on human behavior, the research studied measures for solving challenges such as poor compatibility between analysis tools and the decline in motivation for information sharing, toward realizing more efficient malware analysis. Based on the results of the interviews Hitachi and NICT will explore more specific measures for strengthening collaboration inside and outside the malware analysis team and for achieving effective communication, while seeking to raise the level of security-related services. In addition, through investigation and understanding of a broader range of users, they will aim to realize human-centric, readily usable and safe cyberspaces.
In response to the rapid rise of cyberattacks, companies and organizations are seeking to boost their response capability by training and deploying experts in security operations. Among these experts, malware analysts play various roles in identifying attack techniques and behavior and devising countermeasures. Initiatives up to now, however, have tended to focus mainly on improving analysis techniques, with insufficient attention paid to problems arising from analysts’ behavior and communication, that is, challenges with collaboration and information sharing inside and outside the analysis team.
Turning their attention to this aspect, Hitachi and NICT through interviews with various malware analysts identified the diverse roles for which the analysis team was responsible and the collaboration inside and outside the team (Figure 1), extracting challenges hindering communication between malware analysts and their collaborators. They recommended some of measures, outlined below, for strengthening collaboration toward realizing more efficient malware analysis
Figure 1. Example of malware analysis team roles and collaboration, and benefits of strengthening collaboration
1. Standardization of analysis conventions to facilitate collaboration among malware analysts
The research discovered that compatibility across the major analysis tools is inadequate and that differences in terminology and operations hinder mutual understanding. Proposals for solving the challenge include functions for achieving compatibility and standardization of analysis conventions (naming conventions, commenting schemes, etc.) , thereby promoting smooth information sharing. The expectation is that collaboration among analysts will be made smoother by these measures, making for more efficient analysis.
2. Promoting motivation of feedback to information sharing by malware analysts
The research revealed that information sharing by malware analysts often tends to be one-way, making it difficult to appreciate the benefits of sharing. To solve this challenge, they proposed to implement several mechanisms for actively providing feedback in response to information sharing. Visualization of how the shared information is being utilized can be expected to enhance the motivation of analysts.
Based on the results of the interviews, Hitachi and NICT will explore more specific measures for strengthening collaboration inside and outside the malware analysis team and for achieving effective communication, while seeking to raise the level of security-related services. In addition, through investigation and understanding of a broader range of users, not limited to malware analysts, they will aim to realize human-centric, readily usable and safe cyberspaces.
This research is scheduled for presentation at the 2025 ACM CHI conference on Human Factors in Computing Systems (CHI),*3 one of the leading international conferences in the human-computer interaction (HCI) field.
*1 Software or code created with malicious intent
*2 Technology for analyzing user behavior, mental models, and decision-making processes, centering on the relationship between computer system security and the users of information services, and feeding the analysis back into computer system design, implementation, and operation
*3 Rei Yamagishi, Shota Fujii, Shingo Yasuda, Takayuki Sato, and Ayako A. Hasegawa. Collaborative Work in Malware Analysis: Understanding the Roles and Challenges of Malware Analysts. In Proceedings of the 2025 ACM CHI Conference on Human Factors in Computing Systems (CHI'25). April 2025.
https://chi2025.acm.org/
For more information, use the inquiry form below to contact the Research & Development Group, Hitachi, Ltd. Please make sure to include the title of the article.
https://www8.hitachi.co.jp/inquiry/hitachi-ltd/hqrd/news/en/form.jsp
