National Repository of Grey Literature: 9 records found
In-Depth Analysis of Code Similarity in Malware Strains
Voščinár, Martin ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
The goal of this thesis is the analysis of malware strains with the aim of discovering relationships in terms of code similarity or code reuse. Specialized tools are used for the detection of binary code similarity. Selected strains are then analyzed using reverse engineering techniques to uncover the purpose and origin of such code. Based on these findings, detection patterns are created that efficiently detect those threats. This research also points out the shortcomings of the tools used and proposes options for improvement. In conclusion, the obtained results of this thesis are summarized and evaluated with prospects for the future.
High-Performance Platform for Malware Research
Plaskoň, Pavol ; Bartík, Vladimír (referee) ; Kolář, Dušan (advisor)
Anti-malware companies analyze a large number of files every day. In order to speed up their analysis, many automated tools were implemented. Detection definitions that detect malicious software are often generated automatically. Information about currently spreading malware is scattered across several tools and is sometimes too generic. This work proposes a new tool that will aggregate, prioritize, and evaluate all the available information. Due to the large amount of incoming data, high performance and scalability of the system are necessary. Files, detection definitions, and other objects will be tagged using the given information directly or inferred. Collected information will be accessible via an interface for further analysis and statistics. Everything was implemented, tested and put into production.
Java Byte Code Emulator Suitable for Malware Detection and Analysis
Kubernát, Tomáš ; Rogalewicz, Adam (referee) ; Drahanský, Martin (advisor)
The goal of this thesis is to create a virtual machine that emulates running programs written in the Java programming language, which would be suitable for malware analysis and detection. The emulator is able to detect arguments of exploitable methods from Java standard classes, the order of calling these exploitable methods and also execution the test application. Overall functionality was tested on appropriate examples in which held its own measurements. At the end of the paper we describe testing of the emulator, which also contains tables and graphs for better visualization of the results.
Malware Analysis in a Virtual Environment
KOVÁŘ, Jaroslav
The diploma thesis deals with analysis of malware that attempts to evade many kinds of analyses in virtual environments (so-called evasive malware). The thesis includes a designed implementation of the analysis environment, experiments and assessment of the malware analysis in virtual environment, which validates the benefits of protective measures making the analysis environment less obvious to evasive malware. An important source of inspiration for creating the basis of some of the protective measures were findings about biological viruses.
Dynamic Malware Analysis for Collecting Indicators of Compromise and Their Subsequent Use
KUNC, Martin
This master's thesis focuses on collecting network indicators of compromise gathered by using dynamic malware analysis in a real environment. It speculates on possibilities for approaching such collection, and the most suitable solution is selected. Gathered indicators of compromise are thoroughly analyzed and utilized for improving the cyber-security of the Czech Republic.
Feature extraction from Android application packages and its usage in machine learning for malware classification
Smrž, Dominik ; Bálek, Martin (advisor) ; Kofroň, Jan (referee)
In this Thesis, we propose a machine-learning based classification algorithm of applications for a popular mobile phone operating system Android that can distinguish malicious samples from benign ones. Feature extraction for the machine learning is based on static analysis of the application's bytecode with focus on API and method calls. We show various ways to transform the most frequent API and method calls into numeric (histogram-based) features. We further examine the specifics of the extracted features and discuss their importance. The dataset used for experiments in this Thesis contains more than 200,000 samples with approximately half of them malicious and half of them benign. Further, multiple machine learning algorithms are examined and their performance is evaluated. The size of our dataset prevents overfitting and hence provides a reliable basis for training of classification models. The results of the experiments show that the proposed algorithm achieves very low false positive rate under 2.9% while preserving specificity over 93.6%.
