Ryan Hicks, ICSA Labs
Security vendors and research organizations often rely on external sources to submit samples and potential samples for analysis. In recent years, the amount of malware has been increasing steadily, and it has become increasingly difficult for these organizations to deal adequately with the incoming submission load. In response, many organizations build automated analysis systems to assist in processing incoming submissions. Expert systems are particularly well suited to the complexities of implementing such systems.
Development and maintenance of automated analysis systems is a complex process with two primary aspects: process control and result determination. Both aspects are often complicated and volatile. Two of the biggest challenges are to be able to model the human analysis process adequately and to express that process in a maintainable fashion. This is especially difficult as changes must often be developed and deployed under severe time constraints. Expert systems are widely used in other industries for process control, diagnostics, and other areas where modelling human knowledge activities is needed. Their syntax and semantics allow for the quick development and easy maintenance of automated analysis systems.
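As an added illustration of the two aspects named above (example code, not from the paper or from ICSA Labs), here is a minimal forward-chaining rule engine in Python whose rule base mixes process-control rules, which decide which analysis step runs next, with result-determination rules, which derive a verdict; the analysis steps, the fact keys and the sample metadata are constructed stand-ins.

```python
"""Minimal forward-chaining expert system for submission triage (constructed example).

Rules are declared as (name, condition, action) triples, so changing the
analysis workflow or the verdict logic means editing the rule base, not the
engine. The two analysis steps below are stand-ins for real tools.
"""

def static_scan(facts):
    # Stand-in for a static scanner: treat high-entropy files as packed.
    facts["static_done"] = True
    facts["packed"] = facts.get("entropy", 0.0) > 7.0

def sandbox_run(facts):
    # Stand-in for dynamic analysis: look for an autorun-style persistence event.
    facts["sandbox_done"] = True
    facts["persistence"] = "autorun" in facts.get("behaviour", [])

def set_verdict(value):
    return lambda facts: facts.__setitem__("verdict", value)

def undecided(f):
    return "verdict" not in f

# Rule base, in priority order. The first two are process-control rules;
# the rest are result-determination rules.
RULES = [
    ("need_static", lambda f: f["type"] == "PE" and not f.get("static_done"), static_scan),
    ("need_sandbox", lambda f: f.get("packed") and not f.get("sandbox_done"), sandbox_run),
    ("malicious", lambda f: undecided(f) and f.get("packed") and f.get("persistence"),
     set_verdict("malicious")),
    ("clean", lambda f: undecided(f) and f.get("static_done") and not f.get("packed"),
     set_verdict("clean")),
    ("needs_analyst", lambda f: undecided(f) and f.get("sandbox_done") and not f.get("persistence"),
     set_verdict("needs_analyst")),
    # Adding coverage for a new case is one more rule, not a change to the engine.
    ("unsupported_type", lambda f: undecided(f) and f["type"] != "PE", set_verdict("needs_analyst")),
]

def run_engine(facts, rules=RULES, max_cycles=20):
    """Fire the highest-priority rule whose condition holds; repeat until none fires.
    Returns the final facts and the list of rule names fired, in order."""
    fired = []
    for _ in range(max_cycles):
        for name, condition, action in rules:
            if condition(facts):
                action(facts)
                fired.append(name)
                break
        else:
            return facts, fired
    raise RuntimeError("rule base did not converge; check for rules that re-enable each other")
```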