Detection of packer based obfuscated executables

The landscape of cyber security has changed over the past decade from one of disruption and destruction of data to one of espionage and stealth attacks. The current approach is for malware to disguise itself as a non-threatening piece of code in order to bypass detection. The predominant obfuscation technique is packing. Using this approach, malicious files encrypt and compress the malevolent code and store it within the contents of another executable whose sole purpose is to decrypt and execute that code. Packing removes any malware signatures or signs of nefarious intent, as the code is now scrambled. A large number of packers are available online for use or customisation, which helps to explain why the vast majority of malware found in the wild is discovered in packed form.

The research in this thesis addresses the issue of uncovering those executable files which are packed. Being able to detect a packed executable file is a strong indicator that it is potentially a piece of malware. The approaches examined in this thesis utilise static analysis techniques to inspect the contents of a suspicious file so it can be classified as packed or non-packed. This approach does not require the file to be executed at any stage and therefore minimises the computational overheads associated with doing so, as well as reducing the risk of an infection caused by a running instance of malware.

The use of entropy scoring as a metric for classification is examined and extended upon to produce new detection methodologies. This work also utilises steganalysis techniques to aid in the detection of packed executables, with an impressive outcome. The research has contributed new effective methods for malware detection while significantly reducing the complexity and cost of detection.
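As an added illustration of the entropy-scoring idea the abstract refers to (example code written for this page, not code from the thesis): Shannon entropy is computed per section, and a section whose byte distribution is close to uniform is flagged as likely compressed or encrypted. The 7.0 bits/byte threshold and the section layout are assumptions, not values taken from the thesis.

```python
import math
import random
from collections import Counter

# Heuristic cut-off: near-uniform byte distributions (max 8.0 bits/byte) are typical
# of compressed or encrypted data. The value is an assumption for this example.
PACKED_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_sections(sections: dict[str, bytes]) -> dict[str, tuple[float, bool]]:
    """Return {section_name: (entropy, looks_packed)} for every section."""
    result = {}
    for name, blob in sections.items():
        h = shannon_entropy(blob)
        result[name] = (round(h, 3), h >= PACKED_ENTROPY_THRESHOLD)
    return result


def is_probably_packed(sections: dict[str, bytes]) -> bool:
    """Flag the file if any section crosses the threshold (one signal, not proof)."""
    return any(flag for _, flag in classify_sections(sections).values())


# Constructed sample "sections" standing in for parsed PE section contents:
#  .text  - a repeating 16-byte pattern, entropy exactly 4.0 bits/byte
#  .data  - all zeros, entropy 0.0
#  .upx1  - pseudo-random bytes (fixed seed), entropy close to 8.0
SAMPLE_SECTIONS = {
    ".text": bytes(range(16)) * 256,
    ".data": bytes(4096),
    ".upx1": random.Random(1234).randbytes(4096),
}

if __name__ == "__main__":
    for name, (h, flag) in classify_sections(SAMPLE_SECTIONS).items():
        print(f"{name:6} entropy={h:.3f} packed={flag}")
    print("probably packed:", is_probably_packed(SAMPLE_SECTIONS))
```

Legitimate binaries can also carry high-entropy sections (embedded compressed resources, certificates), so in practice this score is combined with other static features rather than used alone.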

Identifier: oai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:669655
Date: January 2014
Creators: Burgess, Colin James
Publisher: Queen's University Belfast
Source Sets: Ethos UK
Detected Language: English
Type: Electronic Thesis or Dissertation