Author: | Srinivaasan, Gayathri |
Title: | Malicious Entity Categorization using Graph modeling |
Skadling entity kategorisering med andvändning graf modellering | |
Publication type: | Master's thesis |
Publication year: | 2016 |
Pages: | 60 |
Language: | eng |
Department/School: | Perustieteiden korkeakoulu |
Main subject: | Cloud Computing and Services (T-110) |
Supervisor: | Asokan, N |
Instructor: | Marchal, Samuel ; Ranta-aho, Perttu |
Electronic version URL: | http://urn.fi/URN:NBN:fi:aalto-201611025405 |
Location: | P1 Ark Aalto 4768 | Archive |
Keywords: | malware graph modeling graph mining graph traversal malware classification klassificering graf modellering graf gruvdrift dataöverföring nyttolast |
Abstract (eng): | Today, malware authors not only write malicious software but also employ obfuscation, polymorphism, packing and endless such evasive techniques to escape detection by Anti-Virus Products (AVP). Besides the individual behavior of malware, the relations that exist among them play an important role for improving malware detection. This work aims to enable malware analysts at F-Secure Labs to explore various such relationships between malicious URLs and file samples in addition to their individual behavior and activity. The current detection methods at F-Secure Labs analyze unknown URLs and file samples independently without taking into account the correlations that might exist between them. Such traditional classification methods perform well but are not efficient at identifying complex multi-stage malware that hide their activity. The interactions between malware may include any type of network activity, dropping, downloading, etc. For instance, an unknown downloader that connects to a malicious website which in turn drops a malicious payload, should indeed be blacklisted. Such analysis can help block the malware infection at its source and also comprehend the whole infection chain. The outcome of this proof-of-concept study is a system that detects new malware using graph modeling to infer their relationship to known malware as part of the malware classification services at F-Secure. |
ED: | 2016-11-13 |
INSSI record number: 54936