|
|
High-Performance Platform for Malware Research
Plaskoň, Pavol ; Bartík, Vladimír (referee) ; Kolář, Dušan (advisor)
Anti-malware companies analyze large number of files every day. In order to speed up their analysis, many automatized tools were implemented. Detection definitions that detect malicious software are often generated automatically. Information about currently spreading malware is scattered across several tools and they are sometimes too generic. This work proposes a new tool that will aggregate, prioritize, and evaluate all the available information. Due to large amount of incoming data, high performance and scalability of the system is necessary. Files, detection definitions, and other objects will be tagged using the given information directly or inferred. Collected information will be accessible via interface for further analysis and statistics. Everything was implemented, tested and put into production.
|
|
|
Improving an Existing System for Clustering Binary Files
Plaskoň, Pavol ; Ryšavý, Ondřej (referee) ; Kolář, Dušan (advisor)
The increase in the amount of information requires advanced processing of data. One of such methods is cluster analysis. It is a process of classification of objects based on their similarity. Anti-malware companies analyze large amount of files every day. In order to speed up their analysis, a cluster-analysis tool was implemented in AVG Technologies. The goal of this work is to improve this tool for clustering binary files by adding support and heuristics for cluster analysis of APK and DEX file formats. Apart from the newly added support for APK and DEX files, the tool has been extended to support cluster analysis of archives. Everything was tested and put into production.
|
|
|
High-Performance Platform for Malware Research
Plaskoň, Pavol ; Bartík, Vladimír (referee) ; Kolář, Dušan (advisor)
Anti-malware companies analyze large number of files every day. In order to speed up their analysis, many automatized tools were implemented. Detection definitions that detect malicious software are often generated automatically. Information about currently spreading malware is scattered across several tools and they are sometimes too generic. This work proposes a new tool that will aggregate, prioritize, and evaluate all the available information. Due to large amount of incoming data, high performance and scalability of the system is necessary. Files, detection definitions, and other objects will be tagged using the given information directly or inferred. Collected information will be accessible via interface for further analysis and statistics. Everything was implemented, tested and put into production.
|
|
|
Improving an Existing System for Clustering Binary Files
Plaskoň, Pavol ; Ryšavý, Ondřej (referee) ; Kolář, Dušan (advisor)
The increase in the amount of information requires advanced processing of data. One of such methods is cluster analysis. It is a process of classification of objects based on their similarity. Anti-malware companies analyze large amount of files every day. In order to speed up their analysis, a cluster-analysis tool was implemented in AVG Technologies. The goal of this work is to improve this tool for clustering binary files by adding support and heuristics for cluster analysis of APK and DEX file formats. Apart from the newly added support for APK and DEX files, the tool has been extended to support cluster analysis of archives. Everything was tested and put into production.
|
guest ::
