• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 13
  • 5
  • 3
  • 2
  • Tagged with
  • 30
  • 30
  • 11
  • 9
  • 9
  • 9
  • 8
  • 7
  • 6
  • 5
  • 5
  • 5
  • 4
  • 4
  • 4
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Categorization of Large Corpora of Malicious Software

Kura, Deekshit 20 December 2013 (has links)
Malware is computer software written by someone with mischievous or, more usually, malicious and/or criminal intent and specifically designed to damage data, hosts or networks. The variety of malware is increasing proportionally with the increase in computers and we are not aware of newly emerging malware. Tools are needed to categorize families of malware, so that analysts can compare new malware samples to ones that have been previously analyzed and determine steps to detect and prevent malware infections. In this thesis, I developed a technique to catalog and characterize the behavior of malware, so that malware families, the level of potential threat, and the effects of malware can be identified. Combinations of complementary techniques, including third-party tools, are integrated to scan and illustrate how malware may harm a target machine, search for related malware behavior, and organize malware into families, based on a number of characteristics.
2

Automatic behavioural analysis of malware

Santoro, Tiziano January 2010 (has links)
With malware becoming more and more diffused and at the same time more sophisticated in its attack techniques, countermeasures need to be set up so that new kinds of threats can be identified and dismantled in the shortest possible time, before they cause harm to the system under attack. With new behaviour patterns like the one shown by polymorphic and metamorphic viruses, static analysis is not any more a reliable way to detect those threats, and behaviour analysis seems a good candidate to fight against the next-generation families of viruses. In this project, we describe a methodology to analyze and categorize binaries solely on the basis of their behaviour, in terms of their interaction with the Operating System, other processes and network. The approach can strengten host-based intrusion detection systems by a timely classification of unkown but similar malware code. It has been evaluated on a dataset from the research community and tried on a smaller data set from local companies collected at University of Mondragone.
3

Detecting Objective-C Malware through Memory Forensics

Case, Andrew 13 May 2016 (has links)
Memory forensics is increasingly used to detect and analyze sophisticated malware. In the last decade, major advances in memory forensics have made analysis of kernel-level malware straightforward. Kernel-level malware has been favored by attackers because it essentially provides complete control over a machine. This has changed recently as operating systems vendors now routinely enforce driving signing and strategies for protecting kernel data, such as Patch Guard, have made userland attacks much more attractive to malware authors. In this thesis, new techniques for detecting userland malware written in Objective-C on Mac OS X are presented. As the thesis illustrates, Objective-C provides a rich set of APIs that malware uses to manipulate and steal data and to perform other malicious activities. The novel memory forensics techniques presented in this thesis deeply examine the state of the Objective-C runtime, identifying a number of suspicious activities, from keystroke logging to pointer swizzling.
4

Arquitetura distribuída e automatizada para mitigação de botnet baseada em análise dinâmica de malwares / An automated and distributed architecture for botnet mitigation based in dynamic malware analysis

Ceron, João Marcelo January 2010 (has links)
Atualmente, uma das mais sérias ameaças a segurança da Internet são as botnets. As botnets - rede de máquinas comprometidas e controladas remotamente por um atacante - caracterizam-se por serem muito dinâmicas. Frequentemente novas características são incorporadas as redes dificultando que ferramentas tradicionais tal como sistemas de antivírus e IDS sejam efetivas. Diante disso, faz-se necessário desenvolver novos mecanismos que possam complementar as atuais técnicas de defesa. Esta dissertação de mestrado apresenta uma proposta de arquitetura para uma ferramenta de mitigação e detecção de botnets baseada em assinatura de rede de máquinas comprometidas por bots. Essa arquitetura automatiza o processo de geração de assinaturas compilando informações de analisadores de malwares gratuitamente disponibilizados na Web. Além disso, utilizouse de monitoração de fluxos através da solução Netflow para identificar o comportamento de rede similar aos mapeados em arquivos maliciosos analisados. Esse comportamento mapeado sinaliza uma possível infecção de máquinas na rede monitorada. Essa identificação dispara eventos na ferramenta proposta que auxiliará o gerente a mitigar a máquina comprometida. Por fim, avaliou-se a solução proposta no contexto de uma grande rede acadêmica: da própria Universidade Federal do Rio Grande do Sul (UFRGS). Os resultados alcançados por essa solução permitiram concluir que 1,5% dos controladores ficam por um longo período (52 dias) realizando atividades maliciosas e, também, observouse um pequeno grupo de controladores responsáveis pela administração de uma grande quantidade de máquinas. / Currently, botnets are one of the most serious threats of Internet security. The botnets - network of compromissed machines remotely controlled by an attacker - are being very dynamic threats. Often new features are incorporated into thismalicious networksmaking hard for traditional tools, such as antivirus and IDS, to be effective. Therefore, it is necessary to develop new mechanisms that can complement the current defense techniques. This dissertation presents an architecture for a tool for botnet mitigation and detection. The tool is based in network signature obtained from bot compromissed machine’s. This architecture automates the process of signature generation compiling information from online malwares analyze tools. Furthermore, flows monitoring tools was used to identify similar behavior to those mapped in malware (bot) analyzed by the system. This mapped behavior in flows indicates possible compromissed machines, with this, the system triggers events to help the security manager to mitigate the compromissed machines. Finally, the proposed solution was evaluated in a academic network: in the Federal University of Rio Grande do Sul. The results achieved by this solution helped to observe that more than 1.5% of the botnet controllers’s remain active for a long period of time (52 days) performing malicious activities. Also, was observed a small group of controllers responsible for the adminstration of a large number of compromissed machines.
5

Flexible Analyst Defined Viewpoint for Malware Relationship Analysis

January 2014 (has links)
abstract: The rate at which new malicious software (Malware) is created is consistently increasing each year. These new malwares are designed to bypass the current anti-virus countermeasures employed to protect computer systems. Security Analysts must understand the nature and intent of the malware sample in order to protect computer systems from these attacks. The large number of new malware samples received daily by computer security companies require Security Analysts to quickly determine the type, threat, and countermeasure for newly identied samples. Our approach provides for a visualization tool to assist the Security Analyst in these tasks that allows the Analyst to visually identify relationships between malware samples. This approach consists of three steps. First, the received samples are processed by a sandbox environment to perform a dynamic behavior analysis. Second, the reports of the dynamic behavior analysis are parsed to extract identifying features which are matched against other known and analyzed samples. Lastly, those matches that are determined to express a relationship are visualized as an edge connected pair of nodes in an undirected graph. / Dissertation/Thesis / Masters Thesis Computer Science 2014
6

Evaluating tool based automated malware analysis through persistence mechanism detection

Webb, Matthew S. January 1900 (has links)
Master of Science / Department of Computer Science / Eugene Vasserman / Since 2014 there have been over 120 million new malicious programs registered every year. Due to the amount of new malware appearing every year, analysts have automated large sections of the malware reverse engineering process. Many automated analysis systems are created by re-implementing analysis techniques rather than automating existing tools that utilize the same techniques. New implementations take longer to create and do not have the same proven quality as a tool that evolved alongside malware for many years. The goal of this study is to assess the efficiency and effectiveness of using existing tools for the application of automated malware analysis. This study focuses on the problem of discovering how malware persists on an infected system. Six tools are chosen based on their usefulness in manual analysis for revealing different persistence techniques employed by malware. The functions of these tools are automated in a fashion that emulates how they can be manually utilized, resulting in information about a tested sample. These six tools are tested against a collection of actual malware samples, pulled from malware families that are known for employing various persistence techniques. The findings are then scanned for indicators of persistence. The results of these tests are used to determine the smallest tool subset that discovers the largest range of persistence mechanisms. For each tool, implementation difficulty is compared to the number of indicators discovered to reveal the effectiveness of similar tools for future analysis applications. The conclusion is that while the tools covered a wide range of persistence mechanisms, the standalone tools that were designed with scripting in mind were more effective than those with multiple system requirements or those with only a graphical interface. It was also discovered that the automation process limits functionality of some tools, as they are designed for analyst interaction. Regaining the tools’ functionality lost from automation to use them for other reverse engineering applications could be cumbersome and could require necessary implementation overhauls. Finally, the more successful tools were able to detect a broader range of techniques, while some less successful tools could only detect a portion of the same techniques. This study concludes that while an analysis system can be created by automating existing tools, the characteristics of the tools chosen impact the workload required to automate them. A well-documented tool that is controllable through a command line interface that offers many configuration options will require less work for an analyst to automate than a tool with little documentation that can only be controlled through a graphical interface.
7

Arquitetura distribuída e automatizada para mitigação de botnet baseada em análise dinâmica de malwares / An automated and distributed architecture for botnet mitigation based in dynamic malware analysis

Ceron, João Marcelo January 2010 (has links)
Atualmente, uma das mais sérias ameaças a segurança da Internet são as botnets. As botnets - rede de máquinas comprometidas e controladas remotamente por um atacante - caracterizam-se por serem muito dinâmicas. Frequentemente novas características são incorporadas as redes dificultando que ferramentas tradicionais tal como sistemas de antivírus e IDS sejam efetivas. Diante disso, faz-se necessário desenvolver novos mecanismos que possam complementar as atuais técnicas de defesa. Esta dissertação de mestrado apresenta uma proposta de arquitetura para uma ferramenta de mitigação e detecção de botnets baseada em assinatura de rede de máquinas comprometidas por bots. Essa arquitetura automatiza o processo de geração de assinaturas compilando informações de analisadores de malwares gratuitamente disponibilizados na Web. Além disso, utilizouse de monitoração de fluxos através da solução Netflow para identificar o comportamento de rede similar aos mapeados em arquivos maliciosos analisados. Esse comportamento mapeado sinaliza uma possível infecção de máquinas na rede monitorada. Essa identificação dispara eventos na ferramenta proposta que auxiliará o gerente a mitigar a máquina comprometida. Por fim, avaliou-se a solução proposta no contexto de uma grande rede acadêmica: da própria Universidade Federal do Rio Grande do Sul (UFRGS). Os resultados alcançados por essa solução permitiram concluir que 1,5% dos controladores ficam por um longo período (52 dias) realizando atividades maliciosas e, também, observouse um pequeno grupo de controladores responsáveis pela administração de uma grande quantidade de máquinas. / Currently, botnets are one of the most serious threats of Internet security. The botnets - network of compromissed machines remotely controlled by an attacker - are being very dynamic threats. Often new features are incorporated into thismalicious networksmaking hard for traditional tools, such as antivirus and IDS, to be effective. Therefore, it is necessary to develop new mechanisms that can complement the current defense techniques. This dissertation presents an architecture for a tool for botnet mitigation and detection. The tool is based in network signature obtained from bot compromissed machine’s. This architecture automates the process of signature generation compiling information from online malwares analyze tools. Furthermore, flows monitoring tools was used to identify similar behavior to those mapped in malware (bot) analyzed by the system. This mapped behavior in flows indicates possible compromissed machines, with this, the system triggers events to help the security manager to mitigate the compromissed machines. Finally, the proposed solution was evaluated in a academic network: in the Federal University of Rio Grande do Sul. The results achieved by this solution helped to observe that more than 1.5% of the botnet controllers’s remain active for a long period of time (52 days) performing malicious activities. Also, was observed a small group of controllers responsible for the adminstration of a large number of compromissed machines.
8

Arquitetura distribuída e automatizada para mitigação de botnet baseada em análise dinâmica de malwares / An automated and distributed architecture for botnet mitigation based in dynamic malware analysis

Ceron, João Marcelo January 2010 (has links)
Atualmente, uma das mais sérias ameaças a segurança da Internet são as botnets. As botnets - rede de máquinas comprometidas e controladas remotamente por um atacante - caracterizam-se por serem muito dinâmicas. Frequentemente novas características são incorporadas as redes dificultando que ferramentas tradicionais tal como sistemas de antivírus e IDS sejam efetivas. Diante disso, faz-se necessário desenvolver novos mecanismos que possam complementar as atuais técnicas de defesa. Esta dissertação de mestrado apresenta uma proposta de arquitetura para uma ferramenta de mitigação e detecção de botnets baseada em assinatura de rede de máquinas comprometidas por bots. Essa arquitetura automatiza o processo de geração de assinaturas compilando informações de analisadores de malwares gratuitamente disponibilizados na Web. Além disso, utilizouse de monitoração de fluxos através da solução Netflow para identificar o comportamento de rede similar aos mapeados em arquivos maliciosos analisados. Esse comportamento mapeado sinaliza uma possível infecção de máquinas na rede monitorada. Essa identificação dispara eventos na ferramenta proposta que auxiliará o gerente a mitigar a máquina comprometida. Por fim, avaliou-se a solução proposta no contexto de uma grande rede acadêmica: da própria Universidade Federal do Rio Grande do Sul (UFRGS). Os resultados alcançados por essa solução permitiram concluir que 1,5% dos controladores ficam por um longo período (52 dias) realizando atividades maliciosas e, também, observouse um pequeno grupo de controladores responsáveis pela administração de uma grande quantidade de máquinas. / Currently, botnets are one of the most serious threats of Internet security. The botnets - network of compromissed machines remotely controlled by an attacker - are being very dynamic threats. Often new features are incorporated into thismalicious networksmaking hard for traditional tools, such as antivirus and IDS, to be effective. Therefore, it is necessary to develop new mechanisms that can complement the current defense techniques. This dissertation presents an architecture for a tool for botnet mitigation and detection. The tool is based in network signature obtained from bot compromissed machine’s. This architecture automates the process of signature generation compiling information from online malwares analyze tools. Furthermore, flows monitoring tools was used to identify similar behavior to those mapped in malware (bot) analyzed by the system. This mapped behavior in flows indicates possible compromissed machines, with this, the system triggers events to help the security manager to mitigate the compromissed machines. Finally, the proposed solution was evaluated in a academic network: in the Federal University of Rio Grande do Sul. The results achieved by this solution helped to observe that more than 1.5% of the botnet controllers’s remain active for a long period of time (52 days) performing malicious activities. Also, was observed a small group of controllers responsible for the adminstration of a large number of compromissed machines.
9

Cognitive Malice Representation and Identification

Musgrave, John 21 October 2019 (has links)
No description available.
10

CloudIntell: An intelligent malware detection system

Mirza, Qublai K.A., Awan, Irfan U., Younas, M. 25 July 2017 (has links)
Yes / Enterprises and individual users heavily rely on the abilities of antiviruses and other security mechanisms. However, the methodologies used by such software are not enough to detect and prevent most of the malicious activities and also consume a huge amount of resources of the host machine for their regular oper- ations. In this paper, we propose a combination of machine learning techniques applied on a rich set of features extracted from a large dataset of benign and malicious les through a bespoke feature extraction tool. We extracted a rich set of features from each le and applied support vector machine, decision tree, and boosting on decision tree to get the highest possible detection rate. We also introduce a cloud-based scalable architecture hosted on Amazon web services to cater the needs of detection methodology. We tested our methodology against di erent scenarios and generated high achieving results with lowest energy con- sumption of the host machine.

Page generated in 0.1167 seconds