Author: Srinivaasan, Gayathri
Title: Malicious Entity Categorization using Graph modeling
Skadling entity kategorisering med andvändning graf modellering
Publication type: Master's thesis
Year of publication: 2016
Pages: 60      Language: eng
School/Department/Division: School of Science
Subject: Cloud Computing and Services   (T-110)
Supervisor: Asokan, N
Instructor: Marchal, Samuel ; Ranta-aho, Perttu
Electronic publication: http://urn.fi/URN:NBN:fi:aalto-201611025405
Location: P1 Ark Aalto  4768   | Archive
Keywords: malware
graph modeling
graph mining
graph traversal
malware classification
classification
data transfer
payload
Abstract (eng): Today, malware authors not only write malicious software but also employ obfuscation, polymorphism, packing and endless such evasive techniques to escape detection by Anti-Virus Products (AVP).
Besides the individual behavior of malware, the relations that exist among them play an important role for improving malware detection.
This work aims to enable malware analysts at F-Secure Labs to explore various such relationships between malicious URLs and file samples in addition to their individual behavior and activity.
The current detection methods at F-Secure Labs analyze unknown URLs and file samples independently without taking into account the correlations that might exist between them.
Such traditional classification methods perform well but are not efficient at identifying complex multi-stage malware that hide their activity.
The interactions between malware may include any type of network activity, dropping, downloading, etc.
For instance, an unknown downloader that connects to a malicious website which in turn drops a malicious payload, should indeed be blacklisted.
Such analysis can help block the malware infection at its source and also comprehend the whole infection chain.
The outcome of this proof-of-concept study is a system that detects new malware using graph modeling to infer their relationship to known malware as part of the malware classification services at F-Secure.
ED:2016-11-13
INSSI record number: 54936