National Repository of Grey Literature: 11 records found
USB Flashdrives Virus Detector Implemented in RaspberryPi
Polehňa, Dominik ; Pánek, Richard (referee) ; Krčma, Martin (advisor)
This thesis is focused on the analysis of internet security and the implementation of a virus detector for USB flash drives. We will first analyze the basics of viruses and antiviruses, and from the knowledge gained we are going to create an automatic virus detector which doesn't need user intervention. The implementation will use the Raspberry Pi platform and the Python programming language.
Analysis of malware
Bláha, Michael ; Caha, Tomáš (referee) ; Člupek, Vlastimil (advisor)
The aim of my bachelor thesis is to design a safe environment for the analysis of malicious software. In the theoretical part of the work, I deal with the basic division of computer viruses. Next, I describe two main procedures for malware analysis, namely static and dynamic analysis. I describe why they are used and what tools fall into these categories. I also present my methodology for secure malware analysis. In the practical part of the work, I focus on creating an analytical environment on Windows 10 and Fedora platforms. I use a graphical environment and a command line to create virtual machines. For the analysis of network traffic, I create the so-called "Fake Internet" program with the INetSim program. In the last part of the work, I deal with a sample analysis of selected types of computer viruses. I follow the described methodology. For each analysis, I describe a brief summary and results. At the end of the work, I describe a possible defense against malicious software.
Generic Detection of Bootkits
Gach, Tomáš ; Křoustek, Jakub (referee) ; Hruška, Tomáš (advisor)
This thesis deals with the generic detection of bootkits, which are a relatively new kind of malicious software falling into the category of rootkits. The definition of malicious software is presented along with several examples. Attention is then paid to rootkits in the context of Microsoft Windows operating systems. This section lists several techniques used by rootkits. After that, the ways of preventing and detecting rootkits are mentioned. Bootkits are known for infecting the hard disk's Master Boot Record (MBR). The structure of the MBR is described along with an example of hard disk partitioning. Afterwards, the processor instruction set is outlined and the disassembly of the Windows 7 MBR is given. The rest of the thesis is devoted to a description of the course of operating system bootkit infection, bootkit prevention, analysis of infected MBR samples, and in particular to the design, implementation and testing of the generic MBR infection detector.
Optimization of Heuristic Analysis of Executable Files
Wiglasz, Michal ; Křoustek, Jakub (referee) ; Hruška, Tomáš (advisor)
This BSc thesis was performed during a study stay at the Università della Svizzera italiana, Switzerland. This thesis describes the implementation of a classification tool for detection of unknown malware based on its behaviour, which could replace the current solution based on manually chosen attributes' scores and a threshold. The database used for training and testing was provided by the AVG Technologies company, which specializes in antivirus and security systems. Five different classifiers were compared in order to find the best one for implementation: Naive Bayes, a decision tree, Random Forest, a neural net and a support vector machine. After a series of experiments, the Naive Bayes classifier was selected. The implemented application covers all necessary steps: attribute extraction, training, estimation of the performance and classification of unknown samples. Because the company is willing to tolerate a false positive rate of only 1% or less, the accuracy of the implemented classifier is only 61.7%, which is less than 1% better than the currently used approach. However, it provides automation of the learning process and allows quick re-training (on average around 12 seconds for 90 thousand training samples).
Java Byte Code Emulator Suitable for Malware Detection and Analysis
Kubernát, Tomáš ; Rogalewicz, Adam (referee) ; Drahanský, Martin (advisor)
The goal of this thesis is to create a virtual machine that emulates running programs written in the Java programming language, which would be suitable for malware analysis and detection. The emulator is able to detect arguments of exploitable methods from Java standard classes, the order of calling these exploitable methods and also the execution of the test application. Overall functionality was tested on appropriate examples in which held its own measurements. At the end of the paper we describe testing of the emulator, which also contains tables and graphs for better results visualization.
