Malicious Entity Categorization using Graph modeling

Thumbnail Image

Files

master_Srinivaasan_Gayathri_2016.pdf (3.06 MB)

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.

Authors

Date

2016-10-27

Department

Major/Subject

Cloud Computing and Services

Mcode

T-110

Degree programme

Master's Programme in ICT Innovation

Language

en

Pages

60

Series

Abstract

Today, malware authors not only write malicious software but also employ obfuscation, polymorphism, packing and endless such evasive techniques to escape detection by Anti-Virus Products (AVP). Besides the individual behavior of malware, the relations that exist among them play an important role for improving malware detection. This work aims to enable malware analysts at F-Secure Labs to explore various such relationships between malicious URLs and file samples in addition to their individual behavior and activity. The current detection methods at F-Secure Labs analyze unknown URLs and file samples independently without taking into account the correlations that might exist between them. Such traditional classification methods perform well but are not efficient at identifying complex multi-stage malware that hide their activity. The interactions between malware may include any type of network activity, dropping, downloading, etc. For instance, an unknown downloader that connects to a malicious website which in turn drops a malicious payload, should indeed be blacklisted. Such analysis can help block the malware infection at its source and also comprehend the whole infection chain. The outcome of this proof-of-concept study is a system that detects new malware using graph modeling to infer their relationship to known malware as part of the malware classification services at F-Secure.

Description

Supervisor

Asokan, N

Thesis advisor

Marchal, Samuel
Ranta-aho, Perttu

Keywords

malware, graph modeling, graph mining, graph traversal, malware classification

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-201611025405

Collections

[dipl] Perustieteiden korkeakoulu / SCI