TWMAN

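Taiwan Malware Analysis Net, abbreviated "TWMAN", is a malware analysis technology research and development project that the National Center of High-Performance Computing has been running since 2010.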

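TWMAN is free software built on Truman. The center uses its self-developed Clonezilla restore system to improve Truman's operating efficiency and, through improvements to the system workflow, has achieved a fully automated malware analysis platform.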

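TWMAN was developed to give information security researchers an automated malware behavior analysis platform. It can detect and analyze the effects malware has on the system and the network, and it uses automated information collection to gather running system processes, memory information, network behavior, packet captures, and so on.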

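The TWMAN project is still ongoing. New malware analysis modules will continue to be developed, with the aim of offering more convenient ways to analyze malware and a wider range of service information for IT staff and security researchers to consult.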

  

Note: Truman, The Reusable Unknown Malware Analysis Net, is a malware analysis system developed by Joe Stewart in 2006. For details, see: http://www.secureworks.com/research/tools/truman/.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Taiwan Malware Analysis Net (TWMAN) is a software project developed by National Center of High-Performance Computing since 2010. TWMAN is an automated platform that analyzes malicious software on a physical operating system. It collects detailed behavior information efficiently and reliably for all kinds of malware, including malware that uses anti-VM techniques.

 

TWMAN uses a fully functional, physical, client-based operating system environment for malware analysis. It collects malware behavior by verifying file system integrity and network traffic. In addition, the client-side system can be restored easily and automatically in just a few minutes, ready for the next malware sample. This lets TWMAN deal with all kinds of malware while keeping the high efficiency that is the strength of the sandbox technique.