Malware Analysis Framework from Static to Dynamic Analysis


Today, malicious software on networks is the major threat to internet security. Analysis of the malicious software is a multi-step process that can provide insight into its structure, functionality and behaviour that can be used to create an antidote. This paper focuses on how the analysis of malicious software can be used and how details of events gathered from an infected system can be used to detect a new infection. This strategy makes it possible to detect an infection on a honeypot that has been deployed to detect zero-day attacks. This paper demonstrates the steps taken in the analysis of malicious software from static to dynamic analysis; the same methodology is then used to analyse an infection on the honeypot. The paper concludes with an explanation of the difference between the static and dynamic analysis of malicious code.


BT Information and Security Systems Research Adastral Park, Ipswich

Fadi El-moussa joined BT in 2005 as a Network Security Professional. Before joining BT, Fadi completed his PhD in Data Telecommunications and Network at Salford University in Manchester. His PhD was on detecting and mitigating DDoS attacks, focusing on a tunnelling approach to detect and block attack traffic using an intelligent firewall and intrusion detection. Since joining BT, he has been involved in a number of security projects: Control Plane separation, MPLS attack mitigation, Denial of Service resistance architecture, Penetration testing and evaluation of different products for BT, Fuzzing, Honeypot and Malware Analysis. He holds the Certified Ethical Hacking (CEH) and Penetration Testing and Network Vulnerability Assessments (PEST) certifications.

BT Security Research Centre, United Kingdom, Adjunct Professor, Edith Cowan University

Dr. Andrew Jones. During a full military career Andy directed both Intelligence and Security operations and briefed the results at the highest level, and was awarded the MBE for his service in Northern Ireland. After 25 years' service with the British Army's Intelligence Corps he became a business manager and a researcher and analyst in the area of Information Warfare and computer crime at a defence research establishment. In September 2002, on completion of a paper on a method for the metrication of the threats to information systems, he left the defence environment to take up a post as a principal lecturer at the University of Glamorgan in the subjects of Network Security and Computer Crime and as a researcher on the Threats to Information Systems and Computer Forensics.

At the University he developed and managed a well equipped Computer Forensics Laboratory and took the lead on a large number of computer investigations and data recovery tasks. In January 2005, he joined the Security Research Centre at British Telecommunications where he is currently the head of information security research. He is the author of five books on the topics of Information warfare, information security and digital forensics, and holds a Ph.D. in the area of threats to information systems. Andy is Adjunct Professor in the School of Computer and Information Science at Edith Cowan University and part of the SECAU Security Research Centre.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
