Using expert systems for automated analysis systems: advantages and techniques

Ryan Hicks, ICSA Labs

Security vendor and research organizations often rely on external sources to submit samples and potential samples for analysis. In recent years, the amount of malware has been increasing steadily. It has become increasingly difficult for these organizations to deal adequately with the incoming submission load. In response to this situation, many organizations create automated analysis systems to assist in processing incoming submissions. Expert systems are particularly suited for the complexities of implementing automated analysis systems.

Development and maintenance of automated analysis systems is a complex process with two primary aspects: process control and result determination. Both aspects are often complicated and volatile. Two of the biggest challenges are to be able to model the human analysis process adequately and to express that process in a maintainable fashion. This is especially difficult as changes must often be developed and deployed under severe time constraints. Expert systems are widely used in other industries for process control, diagnostics, and other areas where modelling human knowledge activities is needed. Their syntax and semantics allow for the quick development and easy maintenance of automated analysis systems.
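The two aspects named above, process control and result determination, can be sketched as rules in a small forward-chaining engine. This is an added example, not code from the paper or from ICSA Labs; every fact name, rule and sample observation in it is a constructed assumption.

```python
# Added illustration: minimal forward-chaining rule engine for submission triage.
# All fact names, rules and sample observations are constructed assumptions.

# Each rule: (name, facts required, facts that must be absent, facts to assert).
RULES = [
    # Process control: decide which analysis step runs next.
    ("scan-first",       {"submitted"},                     {"scanned"},          {"run:av_scan"}),
    ("unpack-if-packed", {"scanned", "packed"},             {"unpacked"},         {"run:unpack"}),
    ("sandbox-unknown",  {"scanned", "no_detection"},       {"sandboxed"},        {"run:sandbox"}),
    # Result determination: turn accumulated observations into a verdict.
    ("known-malware",    {"detection"},                     set(),                {"verdict:malicious"}),
    ("bad-behaviour",    {"sandboxed", "modifies_autorun"}, set(),                {"verdict:suspicious"}),
    ("nothing-found",    {"sandboxed", "no_detection"},     {"modifies_autorun"}, {"verdict:clean"}),
]

def simulate_step(step, observations):
    """Stand-in for a real analysis tool: returns the constructed facts for a step."""
    return set(observations.get(step, ()))

def analyse(observations):
    """Fire rules until no rule adds a new fact; return (verdict, fired rule names)."""
    facts, trace = {"submitted"}, []
    changed = True
    while changed:
        changed = False
        for name, needs, forbids, adds in RULES:
            if needs <= facts and not (forbids & facts) and not adds <= facts:
                facts |= adds
                trace.append(name)
                changed = True
                for fact in adds:
                    if fact.startswith("run:"):  # a process-control decision
                        facts |= simulate_step(fact[4:], observations)
    verdicts = sorted(f[8:] for f in facts if f.startswith("verdict:"))
    # Zero or conflicting verdicts are escalated instead of guessed.
    return (verdicts[0] if len(verdicts) == 1 else "needs_human_review"), trace
```

Changing the analysis process means editing one row of `RULES` rather than restructuring control flow, and the returned trace records which rules led to the verdict.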

