Author: Srinivaasan, Gayathri
Title: Malicious Entity Categorization using Graph modeling
Skadling entity kategorisering med andvändning graf modellering
Publication type: Master's thesis
Publication year: 2016
Pages: 60
Language: eng
Department/School: Perustieteiden korkeakoulu
Main subject: Cloud Computing and Services (T-110)
Supervisor: Asokan, N
Instructor: Marchal, Samuel; Ranta-aho, Perttu
Electronic version URL: http://urn.fi/URN:NBN:fi:aalto-201611025405
Location: P1 Ark Aalto 4768 | Archive
Keywords: malware
graph modeling
graph mining
graph traversal
malware classification
klassificering
graf modellering
graf gruvdrift
dataöverföring
nyttolast
Abstract (eng): Today, malware authors not only write malicious software but also employ obfuscation, polymorphism, packing and endless such evasive techniques to escape detection by Anti-Virus Products (AVP).
Besides the individual behavior of malware, the relations that exist among them play an important role for improving malware detection.
This work aims to enable malware analysts at F-Secure Labs to explore various such relationships between malicious URLs and file samples in addition to their individual behavior and activity.
The current detection methods at F-Secure Labs analyze unknown URLs and file samples independently without taking into account the correlations that might exist between them.
Such traditional classification methods perform well but are not efficient at identifying complex multi-stage malware that hide their activity.
The interactions between malware may include any type of network activity, dropping, downloading, etc.
For instance, an unknown downloader that connects to a malicious website which in turn drops a malicious payload, should indeed be blacklisted.
Such analysis can help block the malware infection at its source and also comprehend the whole infection chain.
The outcome of this proof-of-concept study is a system that detects new malware using graph modeling to infer their relationship to known malware as part of the malware classification services at F-Secure.
ED: 2016-11-13
INSSI record number: 54936