The Apiary Project

The Cyber Technology and Information Security Laboratory (CTISL) at GTRI provides a dynamic framework for malicious software analysis. Apiary (formerly Titan) helps minimize the time spent mining intelligence from malware so you can focus on proactive defenses. Apiary is an intelligent framework that enables users to conduct countless varieties of analysis across millions of samples of malware. It provides an immediate response for threat identification and analysis and is continuously evolving with the threat landscape and our clients' needs. The Apiary community ensures that actionable intelligence disseminates quickly among organizations, ensuring rapid reaction to increasingly agile threats.

Our Approach

Apiary was developed by GTRI experts and relies on a community of participants whose anonymity is strictly maintained. The Apiary community enhances research and analysis with industry and technology-specific information. Members can search malware samples by industry or specific network domains, and can even develop and share their own analysis modules.

Apiary users may quickly and easily pass samples of both known and unknown type to the system, which automatically processes them according to file type and user request, and produces dynamic reports within minutes. Unlike traditional malware analysis platforms, Apiary does not define a static set of analysis methods. Instead, the framework allows members to add, remove and modify "pluggable" analysis modules to suit analysis needs over time.

Unique Advantages of Apiary

The Apiary framework automatically ingests, processes, and stores malware samples and associated intelligence data in a highly efficient manner.

Additional advantages of joining Apiary include:

  • Information sharing - rather than trying to develop your own tool for analyzing large amounts of malware or relying on traditional, single-sample analysis from others, Apiary does the work for you, and enhances your understanding of malware with insights from other participants.
  • Transparent malware analysis - unlike de facto standards for malware analysis, Apiary utilizes a cutting-edge, hardware-virtualization technique developed at Georgia Tech to ensure correct and transparent analysis.
  • File type support - Apiary is capable of supporting a wide variety of file types, supported directly through its analysis modules. Modules are constantly being expanded and updated to provide the most relevant intelligence possible.
  • Dynamic reporting - Apiary reports may be generated on single samples or sample sets and scoped to any number of levels. Trend reports by organization, industry, or region are available with the option to discriminate results based on various factors. Detailed reporting is available for security operations personnel or researchers, including all raw analytical data collected through sample processing.

Read the GTRI case study on Apiary (formerly Titan).

For project information, contact Christopher Smoak, Research Scientist, or apiary-info@gtri.gatech.edu.