Using expert systems for automated analysis systems: advantages and techniques

Ryan Hicks, ICSA Labs

Technical stream: Wednesday 11 October 2006, 14:00 - 14:40.

Security vendors and research organizations often rely on external sources to submit samples and suspected samples for analysis. In recent years, the volume of malware has increased steadily, and it has become increasingly difficult for these organizations to deal adequately with the incoming submission load. In response, many organizations build automated analysis systems to assist in processing incoming submissions. Expert systems are particularly well suited to the complexities of implementing such systems.

Development and maintenance of automated analysis systems is a complex process with two primary aspects: process control and result determination. Both aspects are often complicated and volatile. Two of the biggest challenges are to be able to model the human analysis process adequately and to express that process in a maintainable fashion. This is especially difficult as changes must often be developed and deployed under severe time constraints. Expert systems are widely used in other industries for process control, diagnostics, and other areas where modelling human knowledge activities is needed. Their syntax and semantics allow for the quick development and easy maintenance of automated analysis systems.
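To make the two aspects concrete, here is a minimal forward-chaining rule engine, added as an example and not taken from the talk or from ICSA Labs: process-control rules decide which analysis step to request next, result-determination rules turn accumulated observations into a verdict, and both live as editable data rather than hard-coded branches. Fact names, rule names and the rules themselves are constructed for illustration.

```python
# Added example: a tiny forward-chaining rule engine for an automated
# sample-analysis pipeline. Fact and rule names are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Any

Facts = Dict[str, Any]  # fact name -> value, accumulated during analysis


@dataclass
class Rule:
    name: str
    when: Callable[[Facts], bool]  # condition evaluated over current facts
    then: Callable[[Facts], None]  # action: assert a fact or request a step


@dataclass
class Engine:
    rules: List[Rule]

    def run(self, facts: Facts, max_cycles: int = 20) -> Facts:
        """Fire each rule at most once, looping until no rule fires."""
        fired = set()
        for _ in range(max_cycles):
            progress = False
            for rule in self.rules:
                if rule.name not in fired and rule.when(facts):
                    rule.then(facts)
                    fired.add(rule.name)
                    progress = True
            if not progress:
                break
        facts["fired"] = sorted(fired)
        return facts


def request(step: str) -> Callable[[Facts], None]:
    return lambda f: f.setdefault("queue", []).append(step)


def set_fact(key: str, value: Any) -> Callable[[Facts], None]:
    return lambda f: f.__setitem__(key, value)


RULES = [
    # Process control: a signature hit ends analysis; an unknown packed file
    # is routed to dynamic analysis instead of consuming analyst time.
    Rule("known_sig", lambda f: f.get("sig_match") is True,
         set_fact("verdict", "malicious")),
    Rule("needs_dynamic", lambda f: f.get("sig_match") is False and f.get("packed")
         and "verdict" not in f and "dynamic_done" not in f, request("sandbox")),
    # Result determination: combine sandbox observations into a verdict.
    Rule("persist_and_beacon", lambda f: f.get("dynamic_done") and f.get("autostart")
         and f.get("outbound_conn") and "verdict" not in f, set_fact("verdict", "malicious")),
    Rule("quiet_dynamic", lambda f: f.get("dynamic_done") and not f.get("autostart")
         and not f.get("outbound_conn") and "verdict" not in f,
         set_fact("verdict", "needs_analyst")),
]


def triage(facts: Facts) -> Facts:
    """Run the rule base over a copy of the submitted facts."""
    return Engine(RULES).run(dict(facts))
```

Changing the triage policy means editing or appending a Rule, not rewriting the control flow, which is the maintainability property the abstract points to.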
