Since 2015, malicious actors have been using SVG files to obfuscate malware from potential defensive mechanisms and carry out attacks undetected through the use of smuggling tech- niques [1]. Throughout this thesis, we use the Design Science Research methodology in order to design and develop an artefact able to detect these attacks within a real network infrastruc- ture, while minimising the impact on the user experience. For the designed artefact to answer these challenges, we conduct two scoping reviews: an analysis of seven of these incidents to determine the technique used to perform the smuggling. This is followed by a map of the dif- ferent security processes available to network administrators and individuals who search for open-source technologies and aim to close the gap left by lack of these solutions. Moreover the paper proposes a SVG parser and a Random Forest classifier to extract valu- able features needed to find the malicious payloads hidden in the graphics. The performance of the artefact is analysed to determine its suitability for real-world usage and if an adequate success rate is reached. The paper finally concludes that the task of obfuscated malware de- tection is a multi-faceted problem and the artefact, while successful, is a suitable blueprint for exploring future improvements in the field.
| Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:lnu-130274 |
| Date | January 2024 |
| Creators | Ufnal, Marek, Longuevergne, Thomas |
| Publisher | Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM) |
| Source Sets | DiVA Archive at Upsalla University |
| Language | English |
| Detected Language | English |
| Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
| Format | application/pdf |
| Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0129 seconds