Author: Srinivaasan, Gayathri
Title: Malicious Entity Categorization using Graph modeling
Title (Swedish): Skadling entity kategorisering med andvändning graf modellering
Publication type: Master's thesis
Publication year: 2016
Pages: 60
Language: eng
School/Department/Unit: School of Science
Subject: Cloud Computing and Services (T-110)
Supervisor: Asokan, N
Advisors: Marchal, Samuel ; Ranta-aho, Perttu
Electronic publication: http://urn.fi/URN:NBN:fi:aalto-201611025405
Location: P1 Ark Aalto 4768 (Archive)
Keywords: malware; graph modeling; graph mining; graph traversal; malware classification; (Swedish) klassificering; graf modellering; graf gruvdrift; dataöverföring; nyttolast
Abstract (eng): Today, malware authors not only write malicious software but also employ obfuscation, polymorphism, packing and countless other evasive techniques to escape detection by Anti-Virus Products (AVP). Besides the individual behavior of malware, the relations that exist among them play an important role in improving malware detection. This work aims to enable malware analysts at F-Secure Labs to explore such relationships between malicious URLs and file samples in addition to their individual behavior and activity. The current detection methods at F-Secure Labs analyze unknown URLs and file samples independently, without taking into account the correlations that might exist between them. Such traditional classification methods perform well but are not efficient at identifying complex multi-stage malware that hides its activity. The interactions between malware may include any type of network activity, dropping, downloading, etc. For instance, an unknown downloader that connects to a malicious website which in turn drops a malicious payload should indeed be blacklisted. Such analysis can help block the malware infection at its source and also help comprehend the whole infection chain. The outcome of this proof-of-concept study is a system that detects new malware by using graph modeling to infer its relationship to known malware, as part of the malware classification services at F-Secure.
ED: 2016-11-13
INSSI record number: 54936