|
|
Identification and characterization of malicious behavior in behavioral graphs
Varga, Adam ; Burget, Radim (oponent) ; Hajný, Jan (vedoucí práce)
In recent years, there has been an increase in work involving comprehensive malware detection. It is often useful to use a graph format to capture behavior. This is the case with the Avast antivirus program, whose behavioral shield detects malicious behavior and stores it in the form of graphs. Since this is a proprietary solution and Avast antivirus works with its own set of characterized behavior, it was necessary to design our own detection method that will be built on top of these behavioral graphs. This work analyzes graphs of malware behavior captured by the behavioral shield of the Avast antivirus program for the process of deeper detection of malware. Detection of malicious behavior begins with the analysis and abstraction of patterns from the behavioral graph. Isolated patterns can more effectively identify dynamically changing malware. Behavior graphs are stored in the Neo4j graph database and thousands of them are captured every day. The aim of this work was to design an algorithm to identify the behavior of malicious software with emphasis on tagging speed and uniqueness of identified patterns of behavior. Identification of malicious behavior consists in finding the most important properties of trained classifiers and subsequent extraction of a subgraph consisting only of these important properties of nodes and the relationships between them. Subsequently, a rule for the evaluation of the extracted subgraph is proposed. The diploma thesis took place in cooperation with Avast Software s.r.o.
|
|
|
Malware Detection in TLS Communication
Kapišinský, Marián ; Ryšavý, Ondřej (oponent) ; Matoušek, Petr (vedoucí práce)
This master's thesis demonstrates that encrypted malware communication can still be detected in the network traffic despite the differences between the encrypted communication of the ever-evolving malware and benign processes slowly diminishing. The detection relies purely on data extracted from the unencrypted portions of the TLS protocol. The data is then analyzed using random forests and isolation forests. The work demonstrates that both models perform well with only a small number of inaccurate classifications. The two models also show similar results in a real-world deployment.
|
|
|
Identification and characterization of malicious behavior in behavioral graphs
Varga, Adam ; Burget, Radim (oponent) ; Hajný, Jan (vedoucí práce)
In recent years, there has been an increase in work involving comprehensive malware detection. It is often useful to use a graph format to capture behavior. This is the case with the Avast antivirus program, whose behavioral shield detects malicious behavior and stores it in the form of graphs. Since this is a proprietary solution and Avast antivirus works with its own set of characterized behavior, it was necessary to design our own detection method that will be built on top of these behavioral graphs. This work analyzes graphs of malware behavior captured by the behavioral shield of the Avast antivirus program for the process of deeper detection of malware. Detection of malicious behavior begins with the analysis and abstraction of patterns from the behavioral graph. Isolated patterns can more effectively identify dynamically changing malware. Behavior graphs are stored in the Neo4j graph database and thousands of them are captured every day. The aim of this work was to design an algorithm to identify the behavior of malicious software with emphasis on tagging speed and uniqueness of identified patterns of behavior. Identification of malicious behavior consists in finding the most important properties of trained classifiers and subsequent extraction of a subgraph consisting only of these important properties of nodes and the relationships between them. Subsequently, a rule for the evaluation of the extracted subgraph is proposed. The diploma thesis took place in cooperation with Avast Software s.r.o.
|
host ::
RSS.