National Repository of Grey Literature: 19 records found, showing records 11 - 19
Incremental Parsing for YARA Language
Dvořák, Vojtěch ; Kolář, Dušan (referee) ; Regéciová, Dominika (advisor)
The main goal of this bachelor thesis is to design and implement a program library that enables incremental static analysis of the YARA language. One of the main purposes of this new library is to integrate with the open-source Yara Language Server project developed by Avast. Compared to the existing solution, which uses a non-incremental approach to analysis, the machine time requirements should be reduced. In addition to information about the software solution, this thesis also includes a summary of the theory focusing on static analysis and its incremental variant, essential information about the YARA tool, and an introduction to the existing solution, the Yaramod-v3 library. The thesis also contains a comparison of the new library with the current solution, in which the achieved results are presented. The experiments performed showed that the new library is able to perform incremental analysis of a modified rule set approximately 20× – 2000× faster depending on the particular set.
System for Testing of YARA Rules
Dižová, Natália ; Křivka, Zbyněk (referee) ; Regéciová, Dominika (advisor)
The goal of this bachelor's thesis is to design and implement a system for testing rules that are used to detect malware. The theoretical section contains the necessary knowledge about the pattern description language and the pattern matching tool named YARA. The next section describes and analyses currently available detection rules, their structure and usage. A system developed by Avast Software for distributed file scanning, called Yarka, is also described. The core of this thesis describes a system for testing YARA rules using the Yarka system. The achieved results of regression testing of rules are discussed in the conclusion. This thesis was created in collaboration with Avast Software.
Analysis and detection of PWS malware
Blažek, Jan ; Ricci, Sara (referee) ; Dzurenda, Petr (advisor)
The goal of this bachelor's thesis is to study malicious code and its individual types, with a specific focus on the PWS (Password Stealers) type. The thesis presents various methods of analysing binary executable code, such as static and dynamic analysis or sandboxing. Eleven malware families were analysed using these methods. Three of them are new discoveries. The thesis also discusses the creation of detection and classification rules and their subsequent implementation in the YARA language. Several detection rules classifying specific families of the PWS type are created in the text. The thesis presents the resulting data showing the spread of the described malware in Avast's user base. The thesis concludes with a laboratory exercise focused on reverse engineering and malware analysis.
Methods of Ransomware Analysis and Detection
Vojtáš, Samuel ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
The purpose of this thesis is to demonstrate the threat of malware and to describe its forms. Special focus is put on ransomware: its historical evolution, methods of analysis, detection, and recovery from it. Various techniques of reverse engineering are also introduced alongside related concepts, such as static and dynamic analysis or sandboxing. The thesis centers on creating detection mechanisms and malware classification. Avast provided samples of several ransomware families for the analysis in order to create detection YARA rules and to describe the samples' behavior. The process of developing detection mechanisms for ransomware threats is shown alongside the method to decrypt files encrypted by various ransomware families that contained cryptography errors. The end of the thesis sums up the resulting data regarding the efficiency of defense mechanisms.
Improved Pattern Generation for Detection of Malicious Code
Štěpánek, Martin ; Regéciová, Dominika (referee) ; Křivka, Zbyněk (advisor)
This thesis deals with automatic pattern generation that can be used for detection of malicious code. The aim of this thesis is to create a tool to help analysts detect malware. Approaches to malware detection used in Avast Software are reviewed. A tool called YaraGen, which was improved in this work, is presented. New analyses implemented for YaraGen are introduced. The main contribution of this thesis is the behavioral analyses of malicious code.
Analysis and Detection of RAT Malware
Sidor, Samuel ; Frolka, Jakub (referee) ; Hajný, Jan (advisor)
The goal of this bachelor's thesis is to study various types of malware, with a specific focus on the RAT (Remote Access Trojan) category. The thesis will also acquaint the reader with static and dynamic binary analysis and terms such as reverse engineering, sandboxing, decompilation, etc. Chosen malware families will then be analysed, and detection rules in the YARA language will be created for these families. In addition, the reader will be acquainted with protection against RAT malware, and finally the data acquired from the detailed analysis will be evaluated.
Multiplatform Linux Sandbox for Analyzing IoT Malware
Uhříček, Daniel ; Burget, Radek (referee) ; Kolář, Dušan (advisor)
Analysis of IoT malware is problematic mainly because of the number and diversity of processor architectures used by IoT devices. The thesis summarises the options for static, dynamic and network analysis of Linux malware and evaluates existing open-source sandbox solutions for automated analysis. The thesis proposes a modular, extensible system with simple deployment options, an available API and a web interface. The resulting implementation supports five architectures and was tested on samples of IoT malware.
Phishing Detection in Web Pages
Beňo, Marek ; Hrivňák, Ján (referee) ; Holkovič, Martin (advisor)
This work deals with the design of a phishing attack detection and classification tool. The work describes techniques and forms of phishing attacks and the available tools and techniques for phishing detection. Based on the analysis of existing tools, a solution for file classification is proposed. The implemented tool handles input parsing and creation of an input model. The model is based on hybrid analysis of the input file and URL. Using the YARA tool, YARA rules are applied, which are then used in creating the input classification. Analysis of the input model and definition of classification rules are enabled by the implemented YARA module. The implemented solution makes it possible to define YARA rules for phishing classification based on the structural properties of a phishing file and features of the source URL.
System for Pattern Recognition in Binary Files
Milkovič, Marek ; Kolář, Dušan (referee) ; Matula, Peter (advisor)
Malicious software spreads really fast in the age of the Internet and it harms users and their data. Therefore, it is necessary to improve the methods we use to analyse it, so we can protect potential victims. This thesis deals with the design and implementation of a system for generating patterns out of executable files in cooperation with AVG Technologies. The goal of this work is to create a tool that generates a detection pattern from a set of binary files. This work further proposes new types of analyses for extraction of information out of executable files. The designed and implemented system is used in practice for analysis of new malicious code and it is integrated into the clustering system.
